Data Protection Policy
Article 1 : Scope of Application This privacy policy (hereafter referred to as the ‘policy’) applies to any person (hereafter referred to as the ‘user’) who (i) acesses the website https://www.champseedfoundation.com/ (hereafter referred to as the ‘site’), (ii) creates a private member’s area on the site, (iii) proceeds with the conclusion of a provision of services contract from the site in order to receive or allow someone else to receive services provided by the simplified joint-stock company MOURATOGLOU ACADEMY, 37, rue de la Pérouse 75016 Paris (hereafter referred to as ‘MA’). It also applies to any person who receives services as a player.
MA, as the party responsible for processing data, agrees and shall endeavour to protect the privacy of users and players in accordance with the applicable legal requirements, in particular the 27th April 2016 regulation no. 2016/679 relating to the protection of actual people with regard to the processing of data of a personal nature and the free flow of this data (hereafter referred to as the ‘General Data Protection Regulation’ or ‘GDPR’) and the 6th January 1978 law no. 78-17 relating to Information Technology, computer files and civil liberties (known as the ‘French Information Technology and Civil Liberties Act’), collectively referred to as the ‘applicable regulations’.
The main objective of the policy is therefore to inform users as best as possible about the way in which MA handles and protects their personal data that it collects within the context of the provision of the site and the supply of services to users and players.
Unless otherwise stated within this privacy policy, the terms which are set out within the general terms and conditions will have the same meaning in the privacy policy.
Article 2 – Minors
As is set out in the General Terms and Conditions of Sale (hereafter referred to as the ‘T & Cs’), users must be over the age of 18 in order to be able to validly sign a contract in order to benefit from the services which are on offer on the site.
Article 3 – Data collected by MA
3.1. Data which users give to MA
MA processes the data which it is given by the user via the site, and/or via the registration form for services, in particular during the following operations:
- during the creation, administration and use of the user’s member area on the site
- during the provision of services by MA and in particular when reserving lessons via the site, and during the course of lessons undertaken by the user or the player
- during participation in promotional offers, competitions or sponsorship transactions
- when the user contacts customer service or any other contact made with MA’s departments
In doing so, MA may be required in particular to gather and process the following personal data categories regarding the user and the player:
- identity : name, surname, title, gender, date of birth, nationality
- contact details: telephone number, e-mail address
- the user’s login details : username and password
- the user’s payment information and/or banking information – bank details, billing information
- data relating to the device allowing access to and use of the site : technical information regarding the operating features and data of the user’s device, service provider, operating system, IP address
- data relating to reservations of lessons, particularly with respect to dates and type of lesson
- data relating to level of language in French and in English
- data relating to playing tennis, specifically the ranking of the user and player, the year they started playing, the number of hours spent playing weekly, the number of tennis matches played per year
- whether they have taken out cancellation insurance or not
- any other information directly and willingly provided by the user and/or the player, and this relates in particular to the content of e-mails or messages sent.
3.2. Data gathered through the use of cookies
3.2.1. What are cookies?
The site is likely to use cookies depending on the preferences you will have stated when logging onto the site for the first time or at any point thereafter.
Cookies are small files which are stored on the user’s computer or on any communications device used by the user (telephone, tablets etc.) when they browse the site. These files enable the exchange of status information between the site and the user’s browser. This data is likely to reveal the type of browser being used, the data and time of the visit, the IP address, as well as the activities carried out on the site. This data allows MA to remember the user during their successive uses of the site, and to record their clickstream data:
- in order to remember their user login details to the member’s area
- in order to improve security, quality of services and navigation on the site
- for analysis and statistics purposes, and measuring numbers of visitors to the site
- in order to send and display targeted advertisements
3.2.2. What types of cookies are used on the site ?
MA uses the following types of cookies on its site :
- Cookies which are strictly necessary :
These cookies are essential in order to allow you to browse the site and to use its features. Without these cookies, services that you have asked for such as the saving of your login details and the features linked to your member’s area cannot be guaranteed. These cookies also memorise choices that you make, such as the country you are visiting our site from, for example. They can therefore be used in order to provide you with an experience that is better suited to your choices, and ensure your visits to the site are more enjoyable and tailored to you (such as site language and the display of the site’s pages which is best suited to your device).
For these types of cookies, your consent is not necessary.
- Cookies measuring numbers of visitors to the site
Google Analytics :
The site also uses Google Analytics in order to track the site’s performance and enable MA to enhance your online experience. These cookies collect information about the ways the site is being used by users in order to gather information such as users’ frequency of visits onto the site, the pages they visit, and the other sites they have visited before going onto the site. The information that we obtain through Google Analytics is used solely with the aim of improving the site and the services being offered. If you do not wish for Google Analytics to track the activities you carry out across all websites, please go to the following site: http://tools.google.com/dlpage/gaoptout.
3.2.3. How do I configure the storing of cookies ?
The prior consent of the user is required before any accessing or storing of cookies which are not strictly necessary for the smooth running of the site, which on the current site is namely cookies measuring the numbers of visitors.
In accordance with the National Commission on Information Technology and Civil Liberties (CNIL) recommendations on this subject, MA gathers the user’s consent by means of a platform which is accessible both during their initial navigation of the website and at any time thereafter by means of a blue button entitled ‘Privacy’.
This platform allows the user:
- to directly accept the storing of all types of cookies; or
- to directly refuse the storing of all types of cookies for which consent is compulsory; or
- to carefully choose the purposes of cookies for which the user wishes to give or refuse their consent; and/or
- to carefully choose each of MA’s partners who shall be able to use those cookies with purposes for which they wish them to be used.
Article 4 – Use of users’ data
As the party responsible for data processing, MA collects users’ personal data in a fair and lawful way, and respects their rights as they do so.
Information gathered by MA, including personal data, is used for the following purposes:
- Managing the process for the creation of the user’s member area, and managing the aforesaid area
- Processing payments, managing invoicing and accounting
- Managing the user’s subscription to information letters and business marketing messages from MA
- Managing the site and its operating features (including logistical features), resolving any technical issues, improving and developing new features according to the use of the site, and/or feedback and requests from users
- Carrying out statistical analysis
- Responding to requests from users and communicating with them, especially in order to ask them their opinion on the service provided by MA and on the significant changes and developments in the services being offered by MA
- Applying the legislation, the regulations currently in effect and the T & Cs.
MTA is also likely to use the user’s personal data in order to send them marketing messages (such as the sending of information related to the launch of new services, the organising of promotional events, and marketing activities of all kinds). The user can expressly and freely choose whether they give their consent or not to their personal data being collected and processed for marketing purposes by way of a checkbox.
Finally, the user has the option of registering their contact details with the Bloctel opt-out system managed by Opposetel. Bloctel is an opt-out list against cold calling onto which any consumer can register in order to no longer receive nuisance telephone calls by a professional with whom they do not have a current contractual relationship.
You can find all of the information relating to the steps to be taken in order to sign up to this opt-out list via the following link: https://conso.bloctel.fr/
Article 5 – Legal bases for processing data
Data processing carried out within the context of the provision of services being offered on the site, and more broadly at the club by MA can be:
- necessary in the execution of a contract linking the user to MA, or in the execution of pre-contractual measures: this relates notably to data processing where the objective is the management of the process of creating and managing the user’s member area, the supply of services, payment processing, answering requests for information via the ‘Contact Us’ form, or more generally when any contact is made
- based on MA’s legitimate interests (in particular its economic interests) : this relates notably to data processing where the objective is managing the site and its operational features (including logistical features), the resolution of any technical problems, the improvement and development of new features in accordance with the way users use the site and/or feedback or requests from them, compiling statistics and lastly the sending of marketing messages. Indeed, this data processing plays a role in the improvement of services being offered by MA and thus benefit both MA and the user without infringing upon users’ fundamental interests, rights and civil liberties.
It should also be noted that for operations involving marketing messages and the placing and reading of cookies, the user’s consent is specifically obtained when it is required by the applicable regulations and the user has at all times the right to opt out of this.
- necessary in order to respect a legal obligation: this relates in particular to data processing with the aim of managing invocing and accounting.
Article 6 – Rights of users regarding their personal data
In accordance with the applicable regulations, the user has the following rights at their disposal regarding their personal data :
- Right to information : you have the right to obtain clear, transparent, understandable, and easily accessible information about both the way in which we use your personal data and your rights. It is the reason for which we are providing you with the information within this policy.
- Right of access : you have the right to access personal date which we hold about you (provided the request is not clearly unfounded or excessive, in particular owing to its repetitive nature), and to obtain a copy of it. If you wish to access the data that we hold about you, please contact us using the contact details given below.
- Right of rectification : you have the right to demand that your personal data is rectified if it is inaccurate or outdated, and/or that it be completed if it is incomplete ((provided the request is not clearly unfounded or excessive, in particular owing to its repetitive nature). If you wish to change your personal details, please contact us using the contact details given below.
- Right of erasure : in some cases, you have the right to have your personal data erased or removed. This is not an absolute right, as we may be forced to keep your personal data for legal or legitimate reasons. If you wish for us to erase your data, please contact us using the contact details given below.
- Right to limits being placed on data processing : this right means that the processing of data about you which we undertake is limited, so that we are able to store this data, but we cannot use it or discuss it. This right is applicable in special circumstances, namely :
- In cases where the accuracy of the personal data is challenged by the person in question (this means you). The processing of the data is then limited for a period of time allowing MA to check the accuracy of the personal data.
- In cases where the processing of data is lawful and the person in question (this means you) is opposed to personal data being erased and instead requests limits being placed on its use.
- In cases where MA no longer needs personal data for processing purposes, but when the data is still necessary for the establishment, exercise or defence of legal claims.
- In cases where the person in question (this means you) has refused their data being processed when it is based upon legitimate interests being pursued by MA during a checking audit which focusses on whether or not the legitimate motives being pursued by MA take precedence over those of the person in question.
If you wish for limits to be placed on your data being processed, please contact us using the contact details shown in item 9 below
- Right to oppose your personal date being processed when its processing is based upon MA’s legitimate interests (to ascertain the types of data processing this refers to, we refer to this item in the table shown in section 3 of this Privacy Policy): you can at any time refuse the processing of your personal data for reasons related to your personal circumstances, unless MA puts forward legitimate and compelling reasons for the processing of such data which take precedence over your interests, rights and freedoms, or when such data is necessary for the establishment, exercise or defence of legal claims. If you wish to exercise your right to refuse your data being processed, or receive more information about the ways you can exercise this right, please contact us using the contact details below.
- Right to refuse receiving marketing messages : you can at any time unsubscribe or object to receiving marketing messages from MA. All you need to do is simply click on the link at the bottom of the page in the messages that you receive from MA, or to send a message using the contact details below. However, the sending of certain e-mails from MA will persist, in particular messages containing invoices.
- Right to data portability: you have the right to receive the personal data about you that we hold about you and that you have provided us with in a structured, commonly used and machine-readable format. This only applies to the data that you have directly or indirectly provided and that is only when the processing of data is based on your consent or in the execution of a contract and when it is carried out with the assistance of automated processes. We would like to invite you to take a look at the list of legal bases behind the ways we process personal data (see section 3 within this Privacy Policy) to find out whether the way we process data is based on a contract or your consent. To exercise your right to data portability or obtain more information, please contact us using the contact details below.
- The right to send us special instructions regarding the fate of your personal data after your death.
- The right to make a complaint with a regulating authority: you have the right to make a complaint with the data protection regulator of your country (in France this is the National Commission for Information Technology and Civil Liberties) in order to challenge MA’s working practices regarding the protection of personal data and privacy. We would however invite you to contact us using the contact details below before making any complaint with the relevant data protection authority.
Article 7 – Updates of personal data
The users agrees :
- that personal data about them will be accurate, complete and unequivocal.
Article 8 – Communication of users’ personal data
MA agrees to store all personal data that is collected and to only share it in certain circumstances, and do so in accordance with the provisions of the applicable regulations.
- Communication of users’ personal data to employees of MA :
Some of users’ personal data is accessible to employees of MA if these people need to have access to it in order to carry out the stated objectives, that is providing users with services in an appropriate way. MA’s internal departments which are able to have access to users’ personal data are predominantly the IT department, technical support department, marketing/sales department as well as coaches.
- The communication of users’ personal data to third party service providers:
MA may give third-party service providers acting as subcontractors access to users’ personal data in order to perform services relating to the site, this includes payment services, web hosting, data storage, web analysis services, marketing services, digital communication services, data processing services, data management services, or digital maintenance. These service providers will only act on MA’s instructions and will only have access to users’ personal data in order to carry out these services and they shall be held to the same security and privacy requirements as MA.
In addition, the user’s personal data can be shared with third parties for the following reasons :
- as part of a merger, acquisition or sale of the company’s assets, in whole or in part, which the user recognises they have been made aware of
- in response to judicial or administrative proceedings of any kind, or as a result of enforcement action as requested by the relevant authorities
- in order to comply with legal obligations, to protect the rights and/or safety of an individual, to protect MA’s rights and property – including the necessity to see that these General Terms and Conditions are complied with – and to prevent problems with fraud or security or technical issues.
Article 9 – Storage of users’ personal data
Personal data collected by MA is stored on the servers of an external service provider located within the European Economic Area.
MA requires this service provider to take all organisational and technical measures necessary to guarantee an adequate level of protection of users’ personal data, in accordance with the applicable regulations.
MA stores personal data for a duration of 3 years.
Article 10 – Security and protection of users’ personal data
The security of personal data forms part of MA’s priorities. MA is committed to taking all reasonable measures at an organisational and technical level in order to prevent any disclosure, use, alteration, accidental loss or destruction of a user’s personal data.
Article 11 – Modifications to the Privacy Policy
MA will be able to update this policy at any time in order to adapt it to potential new working practices and offers of services. Where this is the case, the date the policy was last updated will be updated and will show the day on which changes were made. It is the responsibility of users to check for any potential updates to this policy posted on the site. If MA makes any significant changes, users will be notified by way of an e-mail.
Article 12 – Links to third party mobile applications and/or websites
While browsing the site, the user is likely to see content which contains links to third party mobile applications and/or websites. MA cannot access nor monitor cookies or any other features used by third party mobile applications and/or websites, and the practices of these external mobile applications are not covered by this policy. Accordingly, it is the user’s responsibility to contact and/or directly look at the general terms and conditions of use and privacy policy of these mobile applications and/or websites of these third parties in order to obtain additional information regarding their personal data protection procedures.
Article 13 – Contacting MA
Broadly speaking, if the user has questions or comments regarding this policy, or regarding what MA uses their data for, they can contact MA at the following e-mail address : rgpd@mouratoglou.com
As the protection of data today poses a significant challenge, MA has intentionally chosen to appoint a ‘Delegate for Data Protection’. This delegate is reachable at the following e-mail address : rgpd@mouratoglou.com