PRIVACY POLICY

V2.0 - Oct 18th, 2022

Introduction

Wave, a company offering coaching services (the “Services”) as detailed in its General Terms and Conditions of Use and Sale (“GTCS”), values the privacy and data protection of its users and clients (“You”). The GTCS is accessible on its Site and Application via: https://www.wave.ai/terms.

During its provision of Services, Wave collects and processes personal data from You through the Application and other means. Adhering to data protection legal provisions under both European and French law is of utmost importance to Wave. This includes compliance with the French Data Protection Act (no 78-17 of 6 January 1978) and the General Data Protection Regulation (no 2016/679 of the European Parliament and of the Council of 27 April 2016) (collectively referred to as the “Data Protection Laws”).

This Privacy Policy aims to inform You of how Wave utilizes your personal data and the measures taken to protect it in compliance with the Data Protection Laws. For any inquiries or concerns about the use of your personal data, you can reach us at dpo@wave.ai.

By accessing and using our Site, Application, and Services, you consent to the use of your personal data by Wave as described in this Privacy Policy. If you disagree with any part of this Privacy Policy or its updates, please refrain from using our Site, Application, and Services. Please note that hyperlinks may lead to third-party websites with their own privacy and cookie policies, which we advise you to read. Wave is not responsible for personal data collection and processing by these third parties.

1 • Data Controller

Wave, a simplified joint-stock company under French law, with its registered office at 65 rue de la Croix, 92000 Nanterre, France, and registered with the Nanterre trade and companies register under number 881 114 037, serves as the data controller.

For any inquiries regarding your personal data, please contact us at dpo@wave.ai.

2 • Data Subjects

Wave collects and processes personal data from the following individuals:

  • “Prospect”: an individual potentially interested in Wave Services;
  • “Visitor”: an individual visiting our Site;
  • “Client”: an individual who has received a registration confirmation for Wave Services via email or a separate agreement with Wave;
  • “User” or “You”: refers to any of the aforementioned individuals.


3 • Collected Personal Data

Wave is committed to minimal data collection, processing only what is necessary to provide the Wave Services. Data collection usually occurs directly from You.

For Prospects or Site Visitors, we may collect:

  • Identification information: name, email address, requests for information or documentation;
  • Site usage details: tracking and aggregating your Site interactions, IP address, operating system, browser software, and cookie information.

For Wave Clients, we may collect:

  • Identification and billing information: necessary for registration and payment, including your name, address, email, company name, IP address, browser software, application login data, and cookie information;
  • Public contextual company information: publicly available data like funding stage, industry, number of employees (”Company Public Data”);
  • Coaching contextual information: voluntarily shared information during coaching, like your position, number of managed employees, development areas, objectives, feelings, and any shared documents or app entries (your “Coaching Story”).

Wave endeavors to pseudonymize information whenever possible to maintain confidentiality and security.

4 • Key Principles and Ethical Commitment

Wave ensures that all personal data is:

  • Processed fairly, lawfully, and transparently;
  • Used for the purposes collected;
  • Stored securely and confidentially;
  • Updated regularly.

At the time of data collection, we segregate your Coaching Story from identification, billing, and Company Public Data to ensure anonymity in our coaching supervision team's access. Standard identifiers like your name will be obfuscated, and any additional voluntary information will undergo pseudonymization. Our coaching team accesses only pseudonymized data.

We ensure the highest security measures, including encryption, firewalls, regular backups, software updates, and employee training in data confidentiality.

Wave is continuously improving its confidentiality and security practices and has established a special committee, comprising employees and external professional coaches, to review and challenge our practices and Privacy Policy.

5 • Data Collection and Processing Purposes

Wave collects and processes your personal data based on legal grounds including contract performance, your consent, our legitimate interests as a data controller, legal obligations, or the defense of our rights and interests.

We use your personal data to:

  • Provide and improve Wave Services;
  • Respond to your information requests;
  • Understand user interest in our Services;
  • Improve Site navigation and prevent fraudulent or inappropriate activities;
  • Identify you as a Wave account holder;
  • Communicate with you regarding Services;
  • Process billing for our Services;
  • Gain insights to enhance our Services and performance.

No personal data is collected or processed without your knowledge or for undisclosed purposes.

6 • Data sharing

Wave may share your personal data with:

  • Internal services (commercial, marketing, administrative, technical, legal) on a need-to-know basis, with all employees bound by confidentiality agreements;
  • Service providers and partners assisting us, including:
  • Amazon AWS: For data storage;
  • OpenAI: For Gen-AI model conversations in our Application;
  • Auth0: For identity verification;
  • Google Workspace (Gmail): For email interactions;
  • Notion: For documenting user research feedback;
  • Brevo: For marketing email campaigns;
  • Stripe: For payment processing;
  • Tally: For form creation, feedback collection, and result gathering;
  • Refiners: For in-app form feedback and satisfaction collection.

We ensure adequate protection levels in line with Data Protection Laws and will notify CNIL and/or affected individuals in case of any data security breach.


7 • Data Security

Wave maintains a secure environment for your Data, employing encryption, firewalls, regular backups, software updates, and employee training to ensure data confidentiality and compliance with Data Protection Laws.

8 • Data Retention Period

Wave retains your personal data as long as necessary to provide our coaching services, offering access to your Coaching Story and shared content during and up to one year after your subscription ends. Post-subscription, data retention periods vary based on commercial, legal, and administrative purposes or for statistical and machine learning purposes.

9 • Your Rights

Wave ensures you are aware of your data protection rights under the Data Protection Laws, including the right to access, rectification, erasure, restriction of processing, objection to processing, withdrawal of consent, and data portability. For any requests or concerns, contact us or CNIL.

10 • Contact information

To exercise your data rights or for any inquiries about your personal data usage by Wave, contact our DPO at dpo@wave.ai or by writing to the address in the “Data Controller” section.

Be your best.
At work. In life.

Copyright © 2023 Wave