PERSONAL DATA PROTECTION POLICY
The Automobile Club de l’Ouest places great importance on ensuring the privacy of any personal data collected or used during the course of our business activities and, more generally, protecting our customers’ privacy.
This Personal Data Protection Policy explains how your personal data is collected when you log onto and use the Automobile Club de l’Ouest’s websites (the “Websites”) and mobile applications (“Apps”). It also tells you how the Automobile Club de l’Ouest uses your data and what we do to protect it, what your rights are, and how you can contact us.
This is an important document. We advise you to read it carefully and to check back regularly for updates.
The DATA CONTROLLER for your personal data
The data controller is :
Automobile Club de l’Ouest, a French not-for-profit organisation, registration number SIREN 775 652 316,
Circuit des 24 Heures
72019 Le Mans Cedex 2, France
If you have any questions about how your data is used or any comments, suggestions or concerns, you can contact our Data Protection Officer at firstname.lastname@example.org.
What personal data WE COLLECT
We only collect relevant and necessary information, which we get from you via our Websites, Apps, and services used at the Circuit des 24 Heures du Mans, or at our branches and official outlets.
In some cases, you provide us with personal information directly, such as when you create an account, make a purchase, sign up for our newsletters or enter a contest.
Information you provide includes:
- Data which can be used to identify you: your first and last names, and date of birth
- Your contact details: your postal address, email address and telephone number
- Data from things you do on our Websites and Apps: products or tickets you purchase, type of subscription, and your order history
- Your payment details (bank details) and information about purchases made
- Reviews and comments posted on our Websites and Apps
- Data about events: arrival time, entrance gate, and images taken.
Personal data we collect automatically and directly from you when you use our services includes :
- Your IP address and device IDs
- Technical data about your browser or your device: the name of the device, its operating system, and your language settings
- Login data: connection and usage logs, IP address, and the unique ID
- Browsing data: Websites or Apps visited, the last pages you viewed, ads you click on, products you’ve searched for, the length of your visit, items added to your cart, etc.
CHILDREN’s personal data
We encourage parents to teach their children about how to protect their privacy and how to communicate online.
We comply with legal requirements in this regard and do not allow children under 16 to sign up to our Websites and Apps. We require their legal representative’s permission to create an account on our Websites or Apps or for children to take part in promotional campaigns run by the Automobile Club de l’Ouest, such as contests.
HOW your data is used
The Automobile Club de l’Ouest uses your personal data to:
- provide you with the products and services requested
- process and track your order, including delivery
- communicate with you about your purchase or the event you are attending
- answer your questions, resolve any queries you have, and get your opinion
- record your entries for contests, predictions or surveys
- handle the payment of your purchases.
We also process your data for purposes than other strictly performing our contract, when we have ascertained a legitimate reason to do so beforehand. We may process your data in order to:
- organise direct marketing and sales campaigns
- conduct studies and produce statistics to enhance your experience
- analyse the way you use our products and services so that we can improve them
- identify and correct any bugs which may occur on our Websites and Apps to ensure they function correctly
- protect you from fraudulent transactions or embezzlement
- ensure that you can exercise your privacy rights.
We also process your data within the scope and as per the provisions of Article L. 332-1 of the French Sports Code, for the purpose of ensuring the safety of sports events by refusing or cancelling, as applicable, the issue of tickets to such events or access to persons who have breached or who contravene the provisions of the general terms and conditions of sale or internal regulations relating to the security of such events.
If you provide your consent, we will send you our marketing communications and information about products, services and events organised by the Automobile Club de l’Ouest and its partners.
ACCESSING your personal data
The Automobile Club de l’Ouest may transfer your personal data to:
- service providers used to provide a product or service, such as shipping and delivery services, for example;
- payment service providers who manage payments and the appropriate control procedures;
- third parties who provide us with IT services such as platforms, hosting services, technical assistance for our software and applications which may contain data about you, data analysis or email distribution;
- service providers involved in organising events run by Automobile Club de l’Ouest, including access to and security at the Circuit des 24 Heures du Mans;
- administrative, judicial and supervisory authorities, if we are legally required to provide such information;
However, we will not pass on any of your data to partners for marketing or prospecting purposes without your permission.
The Automobile Club de l’Ouest ensures that all our partners and service providers comply with the principles set out in the regulations in force.
How long your personal data is KEPT for
Your personal data will be kept for as long we need in order to fulfil the purposes set out in this Policy, within the legal time limit.
We keep your personal data for three (3) years after your last login.
However, if you buy any products or services from the Automobile Club de l’Ouest – from our ticket office, or stores, for example – or if you attend an event organised by us, we may store your personal data for longer in order to comply with our legal obligations and any applicable limitation periods.
TRANSFER of your personal data OUTSIDE the EU
Data concerning you may be processed outside the European Union. If this happens, we will take all necessary measures with our service providers to ensure that your data is sufficiently protected in compliance with current regulations.
If the service providers concerned have not signed the Privacy Shield agreement for transferring data to the United States of America, or are not located in a country considered to have sufficient data protection laws, they will have signed the European Union’s standard contractual clauses or will be bound by strict internal regulations approved by personal data protection supervisory authorities.
SECURITY of your personal data
We take all the organisational and technical measures required to protect your data. In a general manner, we endeavour to protect personal data by considering the level of sensitivity of such information and the potential risks incurred by processing and using it. We apply all necessary measures to safeguard the confidentiality, integrity, availability and resilience of your data. Furthermore, we make sure that data concerning you is stored in information systems with an appropriate level of security, to which access is protected, restricted and logged.
We sign strict non-disclosure agreements with everybody who processes data on our behalf. We also
make sure that all members of staff and all persons involved in data processing adhere to data protection rules and undertake to keep any data processed confidential.
If you think that your personal data has been used inappropriately by a third party, please let us know immediately by sending an email to email@example.com.
In accordance with regulations, you have the following rights:
- Right of access – you are entitled to obtain information about the way your personal data is processed and a copy of your data;
- Right to rectification – you can demand that any incorrect personal data be amended. If you have an account, you can easily amend your details on the “account.lemans.org” website.
- Right to erasure/right to be forgotten – you can make sure that your personal data is deleted;
- Right to restriction – you can ask us to restrict the way we process data about you;
- Right to data portability – you are entitled to receive an electronic copy of your data or ask for it to be transferred from our database to another database.
You can also provide us with instructions for keeping, deleting or communicating your data in the event of your death, and designate the person who will deal with this.
These are not absolute rights, but can be exercised within the conditions and restrictions set out in the regulations.
If you have agreed to receive marketing communications by email or our newsletters, you can unsubscribe by clicking on the unsubscribe link which features in all emails or messages that we send you.
You also have the right to disable cookies. Default Internet browser settings are usually set to accept cookies; however, you can easily change this in your browser settings. The help function on your browser will explain how to do this.
If you are the legal representative of a child under 16 and you think that your child has given us information without your consent, you can contact us at the address shown below so that we can delete the information and close the account if necessary.
EXERCISING your rights
You can contact our Data Protection Officer at any time by clicking on this link: firstname.lastname@example.org or by writing to: Automobile Club de l’Ouest, Circuit des 24 Heures, 72019 Le Mans Cedex 2, France.
You must include a photocopy of your ID (identity card or passport, permanent or temporary resident’s permit, or livret de circulation issued by the French government, or a passport or national identity card issued by another country). The relevant department will reply to you within a month of receiving your request.
If you wish, you can submit a claim to the CNIL (the French data protection authority) in accordance with regulations, by following the process explained on their website (www.cnil.fr).
CHANGES to our Personal Data Protection Policy
Regulations and usage change over time. We therefore reserve the right to amend our Personal Data Protection Policy at any time in order to accommodate such changes.
Updated versions of our Personal Data Protection Policy will be published immediately and available for you to read on our Websites and Apps.
J’ai modifié ces consignes afin de les rendre pertinent aux lecteurs anglophones :
J’ai enlevé « European Union » et rajouté « issued by another country » car ce document peut également concerner les ressortissants de pays non-EU (notamment les Etats Unis, l’Afrique du Sud ou l’Australie). J’ai également rajouté « passeport » pour les non-français car tous les pays ne délivrent pas des cartes d’identité.