Who is the data controller of your personal data?

Acts as an independent data controller in the context of the processing of your personal data (i.e., it determines the purposes and means of the processing of your information): GIE AXA, a European Economic Interest Grouping, organized under French law, with its registered office at 23 Avenue Matignon, 75008 Paris, registered with the Registry of Commerce and Companies of Paris under the number 333 491 066.

The data controller is referred to in this notice as "AXA" or "the Data Controller" or "We" or “Us”.

Update of the present policy on the protection of your personal data

The Data Controller may update this Privacy Notice from time to time in response to changing legal, technical, or business developments. When the Data Controller updates this privacy notice, the Data Controller will take appropriate measures to inform you, consistent with the significance of the changes the Data Controller makes. The Data Controller will obtain your consent to any material privacy notice changes if and where this is required by applicable data protection laws. This Privacy Notice was last updated on July 20, 2022.

What are your rights to your data?

In accordance with the French "Informatique et Libertés" law n° 78-17 of 6 January 1978 and the GDPR, you have the right to:

  • Access to your personal data: you have the right to request access to the personal data We process about you, and to obtain a copy of that data,
  • Rectify your personal data: you have the right to ask Us to rectify or complete the personal data that We process about you that are inaccurate, incomplete, or not up to date,
  • Request the limitation of the processing of your personal data: you have the right to ask Us to limit the processing of your personal data. This means that the Data Controller may simply keep your data but may not process or use it in any other way,
  • Decide what happens to your personal data after your death: you have the right to give Us instructions as to how your personal data should be used after your death.  

Based on the legal basis for the processing of your personal data, you have also the right to:

  • Request the deletion of your personal data: you have the right to ask Us to delete your personal data,
  • Right to portability of your personal data: you have the right to receive the personal data you have provided to Us in a suitable format and have the right to transfer that data to another data controller without Us interfering but only where the processing is based on your consent,
  • Withdraw your consent at any time by contacting the DPO at the following address: privacy@axa.com, but only where the processing of your personal data is based on your consent,

Where the processing of your data is based on Our legitimate interests:

  • You also have the right to object at any time, but only where the processing of your data is based on the Data Controller's legitimate interest(s), to the processing of your personal data, unless the Data Controller can demonstrate the need for further processing or where such data is necessary for the establishment, exercise, or defense of legal claims.
  • Furthermore, information on the balancing test can be obtained on request by contacting the following address: privacy@axa.com.

In any case, you have the right to object to the marketing of your personal data.  Please note that AXA Group does not market your personal data.

How to contact the DPO or exercise your rights?

If you have any questions, complaints, or comments regarding this information notice or to exercise your rights listed above, please contact the DPO. The contact details are as follows:

The Data Controller may ask you for additional information to confirm your identity and/or to assist AXA to locate the data you are seeking.

How to make a complaint to a Supervisory Authority?

You have the right to raise concerns about how your personal data is being processed with a competent supervisory authority, in particular in the Member State of your habitual residence, place of work or place where you think an alleged infringement to your rights occurred. In France, the data protection authority is the Commission Nationale de l'Informatique et des Libertés, or “CNIL” whose postal address is 3 place de Fontenoy - TSA 80715 – 75334 Paris CEDEX 07. Its website is accessible here: https://www.cnil.fr/

How do we ensure the security of your personal data?

The Data Controller uses appropriate technical and organizational measures designed to protect the personal information about you. The measures the Data Controller uses are designed to provide a level of security appropriate to the risk of the processing activity of your personal information, in line with AXA standards.

Is the provision of your personal data mandatory?

Whether or not you are required to provide your personal data to AXA will be indicated to you at the time of collection (for example, by an asterisk on the collection form). If you choose not to provide your personal data when requested, you may not be able to receive newsletters and/or send Us information requests or queries.

Is an automated decision made in the context of this processing?

No automated decisions are made for the processing described in this Privacy Policy.

For what purposes and in what way is your personal data processed?

Your personal data is processed for the different purposes listed in the table below. You will also find in the table below, for each purpose, the relevant information relating to the processing of your personal data.

How do We use cookies and other tracking technologies?

What are cookies?

A cookie is a small data file (text file) that a website, when viewed by you, asks your browser to store on your device to remember information about you, such as your language preferences or login information. For more information, you can consult the CNIL website here.

AXA deposits cookies directly on your terminals and equipment only on axa-research.org. This website asks you whether you accept or refuse to accept cookies. For more information about the use of cookies and other tracking technologies by AXA, please consult the relevant AXA Cookies Policy, by clicking on the link below: link to axa-research.org Cookies Policy.

Where do your personal data come from?

Most of the personal data We process is collected directly from you, whenever you fill out a form on axa-research.org. Where your personal data is not obtained directly from you, the personal data We process comes from the cookies deposited on your device if you have accepted their deposit.

To whom do we disclose your personal data?

The Data Controller communicates your personal data only to identified and authorized recipients. The identified recipients mentioned above are:


  • The following departments of GIE AXA: the AXA Research Fund and any department likely to be able to respond to one of your requests.
  • The local entity of the AXA Group: AXA GO for maintenance purposes.


Acting as processors of AXA (i.e., these recipients only act on Our instructions):

  • Service provider for the management of messages received via the contact form available on axa-research.org and the management of newsletters: Serum & Co.

Acting as independent data controllers (i.e., these recipients determine the purposes and means of processing:  

  • Our counsel, including our lawyers, insurers, reinsurers, brokers, auditors,
  • Any competent authority (including courts, judicial or administrative authorities, ACPR, French tax authorities),
  • Any potential buyer or partner, in the case that the Data Controllers take part in a merger, acquisition or other form of asset transfer. The Data Controllers undertake to ensure an adequate level of protection if your personal data is transferred to potential buyers or selected partners in the context of this transaction.

For all these stakeholders, please refer to their own privacy policy.

Is your personal data transferred outside the European Union?

These recipients are located within the European Union (EU).