June 2nd - July 16th, 2016
ARTICLE 1 – PREAMBLE
ARTICLE 2 – PERSONAL DATA COLLECTED AND PROCESSED IN THE FRAMEWORK OF BROWSING AND USE OF THE SITE
A -Data collected and processed and method of collection
i) Newsletter subscription:
Subject to the express consent of the user, collected when registering for the LA FAB newsletter, the following personal data is collected:
ii) Buying tickets at the FOB box office
When the user makes a purchase at LA FAB’s box office, the following personal data is collected:
Surname, first name, postal address, telephone number, e-mail address
LA FAB will store all the data collected in its site’s computer systems under reasonable security conditions.
LA FAB will regularly review the personal data held, and will delete those that are no longer required. No personal data will be held for more than five years. After this period, such data may be anonymised and retained by LA FAB for legal or statistical purposes.
The user’s bank details are not kept beyond the purchase, unless the user has consented to their being saved in his/her account. In any case, the cryptogram is never kept by LA FAB.
B – Transmission of data to a third party
LA FAB may communicate personal data to its subcontractors and suppliers. For example, when the user makes a purchase on the site, his or her details will be communicated to the service provider responsible for delivering the order.
The data collected and processed by the site are exclusively hosted and processed in France.
ARTICLE 3 – DATA PROCESSING MANAGER AND DATA PROTECTION DELEGATE
The processing manager of personal data is: Le Fonds de dotation Agnès troublé dite agnès b.
It can be contacted by e-mail at the address: firstname.lastname@example.org or by post at the address:
17 Rue Dieu
The data processing manager shall be responsible for determining the purposes and means of processing personal data.
A – Obligations of the data controller
The data controller undertakes to protect the personal data collected, and to respect the purposes for which such data were collected.
The site has an SSL certificate to ensure that the information and data transferred through the site are secure. An SSL certificate (“Secure Socket Layer” Certificate) is intended to secure the data exchanged between the user and the site [where applicable].
The data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this would entail disproportionate formalities, costs and actions for the user.
In the event that the integrity, confidentiality or security of the user’s personal data is compromised, the data controller undertakes to inform the user by any means.
C -The Data Protection Officer [if applicable]
In addition, the user is informed that the following person has been appointed Data Protection Officer: Stéphane Lapierre.
The role of the Data Protection Officer is to ensure the proper application of national and supranational provisions relating to the collection and processing of personal data.
He can be contacted by e-mail at the following address email@example.com
ARTICLE 4 – USER’S RIGHTS
In accordance with the regulations concerning the processing of personal data, the user has the following rights listed below:
A. A. Right of access, rectification and deletion
The user can view, update, modify or request the deletion of data concerning him/her.
If he has one, the user has the right to request the deletion of his personal space.
B. Right to data portability
The user has the right to request the portability of his data, held by the site, to another.
C. Right to limit and oppose the processing of data
The user has the right to request the limitation or to oppose the processing of his data by the site, without the site being able to refuse, unless it can demonstrate the existence of legitimate and compelling reasons, which may prevail over the interests and the rights and freedoms of the user.
For any information concerning his rights, or to exercise them, the user must write to the data controller at the following address: firstname.lastname@example.org.
In order for the data controller to comply with the request, the user is required to communicate to the data controller: his first and last names as well as his e-mail address, and, if relevant, his account or personal space or subscriber number.
The data controller is obliged to reply to the user within 30 days.
D. Right of recourse to the competent authority
In the event that the data controller does not respond to the user’s request, or if he believes that his rights are being infringed, he is entitled to refer the matter to the CNIL or any competent judge.