Privacy Policy

PRIVACY POLICY & COOKIE POLICY

Last Updated: December 28, 2025

1. WHO WE ARE

This Privacy Policy applies to the website https://stern.tech and to all software platforms and services operated by Stern Tech SAS, including:

Stern Tech SAS is a company incorporated under French law, with its registered office located in La Celle Saint-Cloud, France.

For any data protection or privacy-related matter, you may contact:
📧 dpo@stern.technology

2. PURPOSE OF THIS PRIVACY POLICY

This Privacy Policy explains how personal data is collected, used, stored, and protected when:

  • you browse our websites,
  • you create an account or use our Services,
  • you are a candidate, driver, trainee, research participant, or patient whose data is processed through our Services.

3. DATA CONTROLLER AND DATA PROCESSOR ROLES

3.1 Stern Tech as Data Controller

Stern Tech acts as Data Controller for processing related to:

  • website browsing and cookies,
  • account creation and management,
  • billing and payments,
  • direct interactions with individual users,
  • candidates purchasing their own analysis results.

3.2 Stern Tech as Data Processor

Stern Tech acts as Data Processor when processing personal data on behalf of professional clients, including for:

  • recruitment decision support (Alex),
  • market research (Pegasus),
  • driving training and monitoring (Wisedriver),
  • health-related analysis (Shield).

In such cases, the client remains the Data Controller.

4. CATEGORIES OF PERSONAL DATA PROCESSED

Depending on the context and Services used, Stern Tech may process:

  • identification data (name, email address, account credentials),
  • professional data (CV, experience, training history),
  • behavioral and interaction data,
  • biometric data (Wisedriver),
  • health-related data within the meaning of Article 9 GDPR (Shield),
  • technical data (IP address, logs, device and browser information).

5. PURPOSES AND LEGAL BASES OF PROCESSING

Personal data is processed only where legally permitted and for the following purposes:

PurposeLegal Basis
Provision of ServicesPerformance of a contract
Account managementPerformance of a contract
Recruitment decision supportLegitimate interest
Behavioral profiling (non-automated)Legitimate interest
Health data processing (Shield)Explicit consent or applicable legal basis
Driving training & safetyLegitimate interest
Website securityLegitimate interest
Legal complianceLegal obligation

6. PROFILING AND AUTOMATED DECISION-MAKING

Certain Services perform behavioral profiling within the meaning of Article 4(4) GDPR.

Stern Tech does not perform automated decision-making producing legal or similarly significant effects within the meaning of Article 22 GDPR.

All outputs are probabilistic and intended solely to support human decision-making.

7. DATA HOSTING AND SUBPROCESSORS

  • This website is hosted by WordPress.
  • All other Services are hosted exclusively within the European Union on Microsoft Azure infrastructure.
    Microsoft acts as an authorized sub-processor within the meaning of Article 28 GDPR.
    No personal data is transferred outside the European Union.

8. DATA RETENTION

Personal data is retained only for as long as necessary, including:

  • duration of the contractual relationship,
  • duration defined by the client (where Stern Tech acts as Data Processor),
  • statutory limitation and compliance periods.
  • Stern Tech advises against retaining personal data for more than two years.

Data is securely deleted or anonymized once retention periods expire.

9. DATA SECURITY

Stern Tech implements appropriate technical and organizational measures, including:

  • access control and role-based permissions,
  • encryption where appropriate,
  • logging and monitoring,
  • restricted access to sensitive data.

For high-risk processing (health, biometrics, AI systems), Data Protection Impact Assessments (DPIA) are carried out where required.

10. COOKIE POLICY

10.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website.
They allow the website to function properly, improve user experience, and ensure security.

10.2 Types of Cookies We Use

a) Strictly Necessary Cookies

These cookies are required for the website to function and cannot be disabled.

Examples:

  • session management,
  • authentication,
  • security tokens.

Legal basis: Legitimate interest.

b) Functional Cookies

These cookies allow the website to remember your preferences (e.g., language, login state).

Legal basis: Consent, where required.

c) Security Cookies

Used to detect malicious activity, prevent fraud, and protect accounts.

Legal basis: Legitimate interest.

10.3 Cookies Used by Third Parties

Some Services may rely on trusted third-party providers (e.g., hosting, payment processing).
Such providers may place cookies strictly necessary for their services.

Stern Tech does not use advertising or behavioral tracking cookies.

10.4 Cookie Management

You may manage or disable cookies via:

  • your browser settings,
  • the cookie consent banner displayed upon your first visit.

Please note that disabling certain cookies may affect website functionality.

11. YOUR RIGHTS

Depending on your situation, you have the right to:

  • access your personal data,
  • rectify inaccurate data,
  • request erasure,
  • restrict processing,
  • object to processing,
  • request data portability,
  • lodge a complaint with a supervisory authority.

Requests may be addressed to the relevant Data Controller or to:
📧 dpo@stern.technology

12. THIRD-PARTY CONTENT AND LINKS

Our websites may include links or embedded content from third-party websites.
Stern Tech is not responsible for the privacy practices of such third parties.

13. CHANGES TO THIS POLICY

We may update this Privacy & Cookie Policy from time to time.
The latest version will always be available on our Website.

14. CONTACT

For any privacy, data protection, or cookie-related inquiries:
📧 dpo@stern.technology