Last updated: 15.12.2025
This Privacy Policy explains how Affina SAS ("we", "our", "us") collects, uses, stores, and shares personal data when you interact with our business incubation program, website, and related services (the "Services").
We are committed to protecting your privacy and processing personal data in a transparent and lawful manner, in accordance with the General Data Protection Regulation (GDPR), French Data Protection Act (Loi Informatique et Libertés), and applicable international privacy principles.
Controller: Affina SAS
Registered address: 50 Av. des Champs Elysees, 75008 Paris, France
SIREN: 940 979 263
Email: [email protected]
For GDPR purposes, Affina SAS acts as the data controller.
We collect only the data necessary to operate our incubation program.
We understand that your business ideas are your most valuable asset.
Personal Data (e.g., your name, email) is protected under this Privacy Policy and GDPR.
Business Information (e.g., your pitch deck, financial projections, trade secrets) is treated as confidential information. While not technically "personal data" under GDPR, we apply strict confidentiality measures to protect your Intellectual Property (IP). We do not share your business secrets without your authorization (e.g., for introductions to investors).
We use cookies and similar tracking technologies to track activity on our Service and hold certain information.
Essential Cookies: Necessary for the website to function (e.g., security, session management).
Analytics Cookies: We use tools (such as Google Analytics) to help us understand how our website is used. These cookies collect information anonymously. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
We use your data strictly for purposes related to our incubation services, including:
We do not sell personal data.
We process personal data based on one or more of the following legal grounds:
Contractual Necessity (Pre-contractual measures): When you submit an application, we process your data to evaluate your suitability for entering into our incubation agreement.
Legitimate Interest: To manage our programs, prevent fraud, and maintain our alumni network.
Legal Obligation: Where required by French or EU law (e.g., accounting or tax records).
Consent: For specific actions like subscribing to our newsletter (which you can withdraw at any time).
We may share limited personal and business-related data only when necessary with trusted partners.
Recipients may include:
Mentors and Investors: Once we introduce you, they may act as independent Data Controllers of the information you share with them.
Service Providers: Third-party tools supporting our operations (e.g., cloud hosting, CRM systems, email providers).
Safeguards: All partners and providers are strictly vetted to ensure they maintain confidentiality and appropriate security measures in compliance with GDPR.
Your data may be processed outside of France, including in the USA or UK. To ensure your data remains protected when transferred outside the European Economic Area (EEA), we rely on:
The EU-US Data Privacy Framework (DPF): For US-based providers (like Google, Microsoft, or HubSpot) that are certified under the DPF.
Standard Contractual Clauses (SCCs): For other international transfers, we implement the European Commission's Standard Contractual Clauses to guarantee GDPR-level protection.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.
Unsuccessful Applicants: We retain application data for 2 years after the decision date to consider you for future cohorts or opportunities, unless you request earlier deletion.
Program Participants: Data is retained for the duration of the program plus 5 years to comply with legal obligations and limitation periods.
Marketing/Newsletter: We retain contact details for 3 years from your last interaction with us, or until you unsubscribe.
Under GDPR and French law, you have the right to:
Supervisory Authority: If you believe your rights have been violated, you have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) in France (www.cnil.fr) or your local data protection authority.
For users located in the United States:
No Sale of Data: We do not sell your personal information.
Do Not Track: We respect "Do Not Track" (DNT) browser signals.
Rights: We extend the rights of access, correction, and deletion to all users regardless of location.
We use reasonable administrative, technical, and organizational measures (including encryption and access controls) to protect personal data against unauthorized access, loss, or misuse.
Our website may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review the privacy policies of those third parties.
We may update this Privacy Policy from time to time. The latest version will always be available on our website with an updated date.
If you have questions about this Privacy Policy or your data, please contact us at:
Affina SAS
Email: [email protected]
Mail: 50 Av. des Champs Elysees, 75008 Paris, France