PERSONAL DATA POLICY

Last updated: March 31, 2026

This personal data policy has been drafted by Verso, registered with the Paris Trade and Companies Register under number 102 243 441, with its registered office at 3 boulevard de Sébastopol, 75001 Paris (hereinafter "Verso").

This personal data policy (the "Policy") applies to all users of the website https://www.askverso.ai/, questionnaires sent by Verso, and the Solution.

The Policy aims to inform you about the processing of your personal data carried out by Verso, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the French Data Protection Act no. 78-17 of 6 January 1978 in its latest applicable version (together the "Personal Data Rules"). The Policy is published and accessible at all times on the website https://www.askverso.ai/

1. DEFINITIONS

The following definitions apply throughout this privacy policy:

  • "Client": refers to any person who uses the Solution to conduct Studies.
  • "Study": refers to any study based on the analysis of Respondents' feedback by the Solution.
  • "Data Subject": refers to a Visitor, a Client, a Respondent, or any other person whose personal data may be processed by Verso.
  • "Respondent": refers to any adult who voluntarily participates in a Study.
  • "Site": refers to the website accessible at https://www.askverso.ai/ and its subdomains.
  • "Solution": refers to the solution called Verso, accessible at https://app.askverso.ai
  • "Visitor": refers to any person browsing or navigating the Site.

Unless the context requires otherwise, singular definitions include the plural, and vice versa.

2. IDENTITY OF THE DATA CONTROLLER

2.1 For Visitors

Verso is the data controller for personal data in connection with the use of and navigation on the Site.

2.2 For Clients

Verso is the data controller for personal data in connection with subscription to the Solution and the management of the contractual relationship.

When you use the Solution, Verso acts as a data processor with respect to the content of Studies and the processing related to the Client's use of the Solution.

2.3 For Respondents

With respect to your responses and the content of Studies, Verso acts as a data processor, following the instructions of the Client, who acts as the data controller. Verso and the Client are also bound by a data processing agreement.

3. PERSONAL DATA COLLECTED

Verso may process the following personal data. The provision of certain data is required to access the Solution, as indicated by an asterisk.

3.1 For Visitors (only when a contact request is submitted)

  • Last name and first name(s);
  • Contact details (email address and phone number);
  • Company name.

3.2 For Clients

  • Last name and first name(s);
  • Contact details (email address, postal address, phone number);
  • Connection data (login credentials, password, connection times, IP addresses, locations, connection history);
  • Bank details and payment information;
  • Client device data (operating system, language).

3.3 For Respondents

  • Identification information potentially collected during participant recruitment (e.g. civil status, email address, age group, etc.);
  • Connection data (login credentials, connection times, IP addresses, locations, connection history);
  • Respondent device data (operating system, language);
  • Content of information shared on the Solution (photographs, videos, and voice notes);
  • Warnings and sanctions in the event of sharing inappropriate or unlawful content.

4. PROCESSING ACTIVITIES, PURPOSES, LEGAL BASES AND RETENTION PERIODS

The following table summarises the processing of your personal data, including (i) the purposes pursued and (ii) the legal basis on which we rely.

Certain data may be analysed through the use of artificial intelligence tools within the Solution in order to conduct interviews, structure responses, and produce insight summaries. These automated processes are not intended to produce automated decisions with legal effects on Data Subjects.

Processing Purpose Legal basis
Access to and operation of the Solution Managing access and operation of the Solution to enable Clients to benefit from the contractually agreed services. Performance of contract
Login and identification of Clients and Respondents Identifying Clients and Respondents when they use the Solution and enabling them to retrieve information linked to their responses and to Studies. Performance of contract
Commercial relationship management Managing the commercial relationship with Clients (including contract management, invoicing, and day-to-day communication). Performance of contract and, for accounting and invoicing purposes, compliance with legal obligations
Processing assistance requests Responding to assistance requests from Data Subjects. Performance of contract
Filtering of unlawful content Preventing the transmission of unlawful content through the Solution. Legitimate interest in ensuring the security and quality of the service provided via the Solution
Fraud prevention Preventing fraud and scams targeting Verso, including but not limited to the use of stolen bank cards. Verso's legitimate interest in preventing fraud
Satisfaction surveys Conducting satisfaction surveys, taking into account feedback on Verso's services, and producing statistics/commercial indicators on the use of Verso's services in order to improve them. Verso's legitimate interest, specifically its commercial and economic interest in understanding client expectations and improving its products and services accordingly
Prospecting Communicating commercial information to Clients, Visitors, and prospects, and conducting demonstrations of the Solution. Consent
Exercising Data Subjects' rights Managing requests by Data Subjects to exercise their rights. Legal obligation

5. WHO ARE THE RECIPIENTS OF PERSONAL DATA?

Personal data concerning Data Subjects is processed for the aforementioned purposes and may exclusively be shared with the following categories of recipients:

  • Day-to-day operations: Verso's internal departments and subcontractors providing digital solutions useful for Verso's daily operations, such as data hosting, unlawful content filtering, error and bug detection in the Solution, usage monitoring, updates, and maintenance of the Solution.
  • Marketing and communications operations: Verso's internal departments and subcontractors providing online and social media communication solutions, enabling data analysis for marketing purposes.
  • Maintenance operations: Verso's internal departments and subcontractors who have access to the Solution and Verso's tools to carry out maintenance operations, address technical issues, or respond to emergencies.
  • Management and advisory operations: Verso's internal departments and subcontractors supporting Verso in its management and compliance (whether in accounting, legal, financial, or audit matters).
  • Partners or Clients' clients: Clients may use Verso on behalf of a third party or in a broader context. In such cases, Respondents are informed, before the questionnaires begin, of the context of the Study, the intended recipients, and the extent to which their personal data will be used.
  • Public authorities and bodies: To comply with legal obligations and/or to protect the rights and/or safety of Verso or an individual, Verso may be required to transmit personal data.

Neither Verso nor its recipients sell the personal data they receive.

6. RETENTION PERIOD FOR PERSONAL DATA

Unless applicable law or regulation provides otherwise or requires a longer retention period, we will only retain your personal data for the period strictly necessary to pursue the purposes set out in this Policy.

7. TRANSFER OF PERSONAL DATA

Personal data processed by Verso is hosted on servers located in Europe.

Some personal data processed by subcontractors may be transferred outside the European Union, including to the United States. In such cases, where transfers take place to countries not covered by an adequacy decision, Verso ensures that the relevant subcontractors implement appropriate legal, technical, and organisational measures to govern any transfer of personal data, in particular by using standard contractual clauses drawn up by the European Commission.

8. RIGHTS OF DATA SUBJECTS

8.1 The nature of the rights

In accordance with the Personal Data Rules, Data Subjects have the following rights over their personal data:

  • Right of access: any Data Subject may find out what personal data Verso holds about them and obtain a copy.
  • Right to rectification and erasure: any Data Subject may request that inaccurate or outdated personal data concerning them be corrected or deleted.
  • Right to object and to restriction of processing: any Data Subject may object to the way Verso processes their personal data, or request that processing be restricted, where possible and subject to any overriding legitimate grounds Verso may have to continue processing, such as legal obligations relating to anti-money laundering and counter-terrorism financing. You may also object at any time to receiving our commercial communications (i) by clicking the unsubscribe link in the footer of such communications, or (ii) by sending a message to the contact details provided below.
  • Right to withdraw consent: any Data Subject may withdraw their consent for processing carried out on that basis.
  • Right to data portability: any Data Subject may request that Verso send their personal data in a structured, commonly used, and machine-readable format for transmission to another data controller, where technically feasible.
  • Right to set instructions regarding personal data after death: any person may provide Verso with instructions regarding the fate of their data in the event of death, including whether or not to communicate their data to third parties.
  • Right to lodge a complaint with a supervisory authority: any Data Subject may contact the CNIL or any other competent supervisory authority if they believe Verso has failed to comply with the Personal Data Rules (information on how to contact the CNIL is available on their website).

8.2 Exercising rights

For any question relating to the processing of their personal data or to exercise their rights, Data Subjects may contact Verso at the following addresses:

  • By email: privacy@askverso.ai
  • By post: Verso, 3 boulevard de Sébastopol, 75001 Paris.

The exercise of rights under the Personal Data Rules is not unlimited (Verso is entitled not to respond to manifestly unfounded or excessive requests) and each right is subject to conditions imposed by those Rules. In particular:

  • Identity: any Data Subject must verify their identity and indicate the address to which they wish to be contacted.
  • Response time: requests are handled by Verso within a reasonable timeframe, taking into account complexity, the number of requests, and the Personal Data Rules.
  • Free of charge: the exercise of rights is in principle free of charge. In cases where a request would involve significant costs, the Data Subject may be required to bear those costs.

These requirements must be met; otherwise, requests may not be processed.

9. SECURITY MEASURES

Verso takes all necessary physical, logical, and organisational security measures to ensure a high level of personal data protection, and in particular to prevent data from being distorted, damaged, or disclosed to unauthorised parties. In the event of any change to the means used to ensure the security of personal data, Verso undertakes not to reduce the level of security.

10. AMENDMENTS TO THE PRIVACY POLICY

Verso may periodically update this privacy policy as the way in which personal data is processed may change due to the evolution of the Solution or applicable regulations.

In such cases, Data Subjects will be informed of updates either by email or through a notice in the Solution, at least fifteen (15) days before any material change to the Policy.