English Français
Privacy and cookies

Privacy Policy & Cookie Policy

Information about how Stern Tech collects, uses, stores and protects personal data, and how cookies are used across our websites and software services.

Last updated: December 28, 2025

1. Who we are

This Privacy Policy applies to the website https://stern.tech and to all software platforms and services operated by Stern Tech SAS, including:

Stern Tech SAS is a company incorporated under French law, with its registered office located in La Celle-Saint-Cloud, France.

For any data protection or privacy-related matter, you may contact us at:
dpo@stern.technology

2. Purpose of this Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored and protected when:

  • you browse our websites;
  • you create an account or use our services;
  • you are a candidate, driver, trainee, research participant, patient or user whose data is processed through our services.

3. Data Controller and Data Processor roles

3.1 Stern Tech as Data Controller

Stern Tech acts as a Data Controller for processing activities related to:

  • website browsing and cookies;
  • account creation and management;
  • billing and payments;
  • direct interactions with individual users;
  • candidates purchasing access to their own analysis results.

3.2 Stern Tech as Data Processor

Stern Tech acts as a Data Processor when processing personal data on behalf of professional clients, including in connection with:

  • recruitment decision support through Alex;
  • market research through Pegasus;
  • driver training and monitoring through WiseDriver;
  • health-related analysis through Shield;
  • interactive entertainment and game-related experiences through AnnaO.

In such cases, the client remains the Data Controller and is responsible for determining the purposes and means of the processing.

4. Categories of personal data processed

Depending on the context and the services used, Stern Tech may process the following categories of personal data:

  • identification data, such as name, email address and account credentials;
  • professional data, such as CV, experience, skills, training history and professional background;
  • behavioral and interaction data;
  • biometric data, where applicable, in particular in connection with WiseDriver;
  • health-related data within the meaning of Article 9 of the GDPR, where applicable, in particular in connection with Shield;
  • technical data, such as IP address, logs, device information and browser information.

5. Purposes and legal bases of processing

Personal data is processed only where legally permitted and for the following purposes:

Purpose Legal basis
Provision of services Performance of a contract
Account management Performance of a contract
Recruitment decision support Legitimate interest, where applicable and subject to the client’s legal obligations
Behavioral profiling without automated decision-making Legitimate interest, consent or another applicable legal basis depending on the context
Health-related data processing through Shield Explicit consent or another applicable legal basis under Article 9 of the GDPR
Driver training and safety Legitimate interest, contract or another applicable legal basis depending on the context
Website security Legitimate interest
Legal and regulatory compliance Legal obligation

6. Profiling and automated decision-making

Certain services may perform behavioral profiling within the meaning of Article 4(4) of the GDPR.

Stern Tech does not perform automated decision-making producing legal effects or similarly significant effects within the meaning of Article 22 of the GDPR.

All outputs are probabilistic and are intended solely to support human decision-making.

Final decisions, interpretations and actions remain under the responsibility of the relevant human decision-maker, client or user, as applicable.

7. Data hosting and subprocessors

  • This website is hosted by WordPress.com.
  • All other services are hosted exclusively within the European Union on Microsoft Azure infrastructure. Microsoft acts as an authorized sub-processor within the meaning of Article 28 of the GDPR. No personal data processed through these services is transferred outside the European Union, unless legally permitted and subject to appropriate safeguards.

8. Data retention

Personal data is retained only for as long as necessary, including for:

  • the duration of the contractual relationship;
  • the duration defined by the client, where Stern Tech acts as Data Processor;
  • applicable statutory limitation periods and legal compliance requirements;
  • Stern Tech recommends that personal data should not be retained for more than two years unless a longer retention period is legally required or justified by the context.

Personal data is securely deleted or anonymized once the applicable retention periods have expired.

9. Data security

Stern Tech implements appropriate technical and organizational measures designed to protect personal data, including:

  • access control and role-based permissions;
  • encryption where appropriate;
  • logging and monitoring;
  • restricted access to sensitive data;
  • security measures adapted to the sensitivity and risks associated with the processing.

For high-risk processing activities, including health data, biometric data and certain AI-related processing, Data Protection Impact Assessments (DPIAs) are carried out where required.

10. Cookie Policy

10.1 What are cookies?

Cookies are small text files stored on your device when you visit a website.
They allow the website to function properly, improve user experience, remember preferences and help ensure security.

10.2 Types of cookies we use

a) Strictly necessary cookies

These cookies are required for the website to function and cannot be disabled through our systems.

Examples include:

  • session management;
  • authentication;
  • security tokens.

Legal basis: legitimate interest.

b) Functional cookies

These cookies allow the website to remember your preferences, such as language settings or login status.

Legal basis: consent, where required.

c) Security cookies

These cookies are used to detect malicious activity, prevent fraud and protect accounts and services.

Legal basis: legitimate interest.

10.3 Cookies used by third parties

Some services may rely on trusted third-party providers, including hosting, payment-processing or security providers.
Such providers may place cookies that are strictly necessary for the operation of their services.

Stern Tech does not use advertising or behavioral tracking cookies for commercial advertising purposes.

10.4 Cookie management

You may manage or disable cookies through:

  • your browser settings;
  • the cookie consent banner displayed upon your first visit, where applicable.

Please note that disabling certain cookies may affect website functionality.

11. Your rights

Depending on your situation and subject to applicable legal conditions, you may have the right to:

  • access your personal data;
  • rectify inaccurate or incomplete data;
  • request erasure of your personal data;
  • restrict processing;
  • object to processing;
  • request data portability;
  • withdraw your consent where processing is based on consent;
  • lodge a complaint with a competent supervisory authority.

Requests may be addressed to the relevant Data Controller or to:
dpo@stern.technology

12. Third-party content and links

Our websites may include links to, or embedded content from, third-party websites.
Stern Tech is not responsible for the privacy practices, content or security of such third-party websites.

13. Changes to this policy

We may update this Privacy & Cookie Policy from time to time.
The latest version will always be made available on our website.

14. Contact

For any privacy, data protection or cookie-related inquiry, please contact:
dpo@stern.technology

Stern Tech develops behavioral artificial intelligence software designed exclusively to support human decision-making. No automated or autonomous decision-making is performed.