A modular offer, simple and constraint-free

The GDPR prohibits the collection and use of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as the processing of genetic data, biometric data allowing for the unique identification of a person, health information, or data related to an individual's sexual life or sexual orientation.

However, there are exceptions to this prohibition, including:

• If the data subject has given explicit consent, which must be free, specific, informed, and preferably in writing.
• If the information has been manifestly made public by the data subject.
• If this data is necessary for the protection of human life.
• If its use is justified by a public interest and authorized by the CNIL.
• If it concerns members or affiliates of an association or political, religious, philosophical, or trade union organization.

• Inform the data subjects clearly and accessibly about the use of their data (purpose, retention period, rights, etc.).
• Justify a legal basis for each processing (consent, contract, legitimate interest, etc.).
• Respect the rights of data subjects (access, rectification, erasure, objection, etc.).
• Ensure the security of personal data: appropriate technical and organizational measures must be implemented to protect data against risks of loss, unauthorized access, or disclosure.
• Document all processing activities in a record, especially starting from 250 employees or in the case of sensitive or non-occasional processing.
• Notify data breaches to the CNIL (or other competent authority) within 72 hours, and sometimes, to the affected data subjects.
• Frame relationships with subcontractors through formalized contracts, to ensure their compliance with GDPR requirements and clarify each party's responsibilities.

The three main principles of the general data protection regulation are:

1. Transparency, fairness, and legality: Personal data must be collected and processed in a transparent, lawful, and fair manner. This involves informing the data subjects about how their data will be used and ensuring that they provide informed consent.
2. Data minimization: Only the data necessary for the specific purpose should be collected. This principle encourages companies to limit the amount of personal data they process, thereby reducing risks to individuals' privacy.
3. Security and confidentiality: Personal data must be protected against unauthorized access, processing, or disclosure. Companies must implement technical and organizational measures to ensure the security of the personal data they process.

The consent management platform is marketed as a dedicated module. Depending on the number of visitors to your website, the subscription fee will vary. See our pricing page or contact us for more information.

A cookie banner is essential as soon as you store or access information on a user's device, regardless of the technology used. As soon as non-essential trackers are used — such as those for targeted advertising, audience measurement with identifiable data, or personalization — you must inform the user and obtain their prior consent.

Cookies can be classified into several categories:

1. strictly necessary cookies
2. performance cookies
3. functionality cookies

The ePrivacy Directive 2002/58/EC, amended in 2009, often referred to as the "Privacy and Electronic Communications Directive", is an initiative of the European Commission aimed at ensuring the confidentiality of communications and protecting users against certain intrusive practices in the digital realm. It is transposed differently in each Member State (in France, through the Data Protection Act, particularly regarding cookies and direct marketing).

The AI Act is marketed in a dedicated or complementary module of the Privacy offerings. Depending on the number of employees in your company, the subscription amount will vary. Please consult our pricing page or contact us to learn more.

The approach to AI systems is based on a risk assessment. The regulatory framework defines four categories of risk for artificial intelligence systems (AIS), with varying levels of regulation depending on the different levels of the pyramid.

• Unacceptable risks
• High risks
• Limited/Moderate risks
• Minimal or no risks

The AI Act aims to create a harmonized legal framework in the EU to ensure that artificial intelligence systems are safe, transparent, ethical, and respect fundamental rights. More specifically, it has the following objectives:

• Protect citizens against the use of AI deemed dangerous or intrusive (e.g., mass surveillance, behavioral manipulation)
• Regulate high-risk systems with strict obligations for transparency, human oversight, data quality, and documentation
• Promote trustworthy innovation by providing a clear framework for AI developers and companies
• Enhance public and professional user trust in AI

The AI Act, or Regulation on Artificial Intelligence, is a regulation developed to regulate and encourage the development as well as the marketing of artificial intelligence systems within the European Union. Proposed by the European Commission in April 2021, the AI Act came into effect on July 12, 2024, after three years of negotiations.

Distinction between AI Model and AI System

Understanding the distinction between an AI model and an AI system is important for anyone interested in artificial intelligence, whether for developing new technologies or using them.

AI models are the fundamental components that perform specific tasks, while AI systems integrate these models into complete and functional solutions to address practical needs.

By recognizing these differences, one can better appreciate the complexity and scope of AI applications in various fields.

AI Model

An AI model is a central component of artificial intelligence. It is a mathematical or statistical representation of a specific problem, developed from data.

AI models are trained to recognize patterns, make predictions, or make decisions based on data.

The most common types of AI models include neural networks, decision trees, support vector machines, and regression models.

Examples of AI models include:

• Deep neural networks: Used for tasks such as image recognition or natural language processing.
• Decision trees: Used for classification and regression.
• Regression models: Used to predict continuous values.
• Linear regression: Used to predict future stock prices based on past prices and other information. Analyzes materials, machines, and time-based data to improve production processes.
• Random forest: Helps explain cases where treatments may have unintended effects or negative outcomes.
• Naive Bayes: Can predict real-time customer preferences based on their browsing behavior or purchase history.

The AI model is somewhat like the brain of AI. It is built and optimized through a training process, where it learns from historical data to improve its accuracy and efficiency.

AI System

An AI system is a broader and more complex application that integrates one or more AI models to accomplish a specific task.

It encompasses not only AI models but also the necessary components to collect, process, and analyze data, as well as interact with users.

In other words, an AI system is a complete solution that implements AI models within an operational framework.

Components of an AI system include:

• AI Models: Algorithms trained to perform predictions or analysis.
• Data Collection and Processing: Processes for gathering and preparing data for the model.
• User Interface: Means by which users interact with the system, such as web or mobile applications.
• Infrastructure: The hardware and software necessary to operate the system, such as servers and databases.

Example of an AI system includes:

• Virtual Assistant: Like Siri or Alexa, which use multiple AI models for speech recognition, natural language understanding, and generating responses, while integrating databases and user interfaces to interact with users.
• Recommendation Systems: Used by platforms like Netflix or Amazon to suggest content or products, incorporating collaborative filtering models and user data processing.

Key Differences between AI Model and AI System

1. Scale and Complexity:

   • AI Model: is a specific component focused on a precise task such as prediction or classification.
   • AI System: is a use case that integrates multiple components, including AI models, training data, to solve a problem or provide a service.

2. Components:

   • AI Model: Only includes the algorithm.
   • AI System: Includes infrastructure for deployment, user interfaces, data management, and AI models.

3. Functionality:

   • AI Model: Provides an output based on data analysis.
   • AI System: Uses this output to interact with users or other systems, often in real-time.

Register of AI Systems in Dastra

List your AI use cases and identify associated risks within Dastra.

In order to cancel your subscription, please contact us adding any information that can help us identify your subscription (company name, etc).

The Dastra work environment is deployed immediately after the creation of the entity.

Yes, we offer subscriptions dedicated to large structures (large and medium-sized companies) composed of several legal entities.

Dastra is particularly well suited for corporate groups, either centralized with a single location for entity management and shared repositories, or decentralized.

Please contact us if you would like to know more information on how Dastra can help your specific organization.

The trial offer is for a period of one (1) month. After that, you can contact us directly to extend it if you need it.

Yes!

With DASTRA, you can connect yourself your own data hosting solution to host the documents stored in the application. This includes all documents stored in the document management system and documents stored in the rights management system.

You have control over the security of this hosting. The files remain under your control.

Today, we can connect Amazon S3 and Azure Blob Storage. Other services can be developed on demand, please contact us if you have a question regarding this topic.

Yes, in part !

We have completed a compliance audit of the General Accessibility Guidelines for the Administration (RGAA).

Our cookie choice management widget is fully compliant with the RGAA.

We have made the necessary changes to the source code to comply with accessibility standards.

Thus, the use of the widget and its appropriate configuration will maintain compliance with the standard for the site that hosts the widget.

More information about this standard: https://www.numerique.gouv.fr/publications/rgaa-accessibilite/

When your subscription expires and without renewing your contract, you will no longer be able to access or modify the information contained in your space. The information is deleted within a reasonable time (maximum 2 months).

We apply strict security measures to our environment, both at the application and development levels.

We maintain a technical watch and have our solution regularly audited in order to provide the maximum guarantees on the security of the data you entrust to us.

You can find out more on our page dedicated to security.