General Data Protection Regulation
GAIANOAH attaches importance to data protection and privacy respect. In this statement, we would like to provide you with information about the data we collect as part of our offers and how we process it. See definition, Art 4 of the General Data Protection Regulation (GDPR).
Name and address
The person responsible within the meaning of the GDPR, the states members national data protection laws and any other provisions relating to data protection is :
GAIANOAH
416 Port Brescou
11 rue de la Gabelle
34300 Agde, France
Tél : +33768159705
E-mail: clubgaianoah.info@gmail.com
General information regarding data processing
What personal data do we collect ?
- Inventory data (e.g. name, address)
- Contact details (e.g. email address, phone number)
- Content data (e.g. text entry, pictures, videos)
- Usage data (e.g. web pages visited, content interest, access time)
- Communication data/Metadata (e.g. device ID, IP address)
No particular categorie within the meaning of Article 9, paragraph 1 of the GDPR is included in the data processing.
Categories of people concerned by data processing :
- Customers/interested shares
- Visitors and users of the offer
- The persons concerned are bellow referred as “user”.
What are your data used for ?
- Execution of the offer, its content and functionalities
- Contractual services supply, customer service + support
- Queries answering and communications with users
- Marketing, publicity and market studies
- Fraud and abuse detection
- Security measures
How do we protect your data ?
CIn accordance of the GDPR Article 32 provisions, we handle appropriate technical and organizational measures taking into account the state of the art, the costs of implementation, the nature, scale, circumstances, the purpose of the processing, as well as the different probabilities and severity of the risk of infringement of the rights and freedoms of natural persons to guarantee a level of protection appropriate to this risk. These measures consist in particular of ensuring the confidentiality, integrity and availability of data by controlling their physical access as well as their access, seizure, disclosure, securing their availability and their separation. In addition, we have put in place procedures to ensure the rights of data subjects, deletion of data and response to data vulnerabilities. We also take into account the protection of personal data from the development stage, by respectively choosing hardware, software or procedures that comply with the principle of data protection through privacy-friendly design and default settings (GDPR Art 25).
Your data are protected against unauthorized access +
and loss by various electronic, technical, contractual and administrative means. We use security techniques (e.g. SSL, cryptographic procedures) to protect your data against access by unauthorized third parties.
Is data transmitted to third parties?
If, during processing, we disclose data to other persons or companies (subcontractors or third parties), transmit it to them, or otherwise grant them access to the data is done only on the basis of legal authorization; for example, if a transmission of data to third parties such as service providers is necessary pursuant to GDPR Article 6(1)(b) for the performance of the contract to which you have consented, this is provided for by a legal obligation or is based on our legitimate interests (e.g. use of representatives, hosting providers).
In order to be able to offer you our services optimally, we use, among other things, service providers who act on our behalf. If this is the case, data processing agreements are concluded in accordance with GDPR Article 28 with the service providers.
Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if we process it in the context of the use of a third-party service, mediation, or more specifically, a transfer of data to third parties, this will only be done if required for the performance of our (pre)contractual obligations or due to a legal obligation, based on your consent or our legitimate interests. Subject to legal or contractual authorizations, we process or have data processed in a third country only if the special conditions of GDPR Articles 44 et seq. are met. This means that the processing is carried out, for example, on the basis of specific guarantees equivalent to a level of data protection officially recognized in the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”), a Transfer Impact Assessment, or other appropriate measures.
What are my rights?
We inform you that you have the right at any time to receive free information about your stored data, a right to rectification, deletion or blocking, as well as a right to object and data portability. Please contact us for further information or to exercise your rights of withdrawal by writing to the following address: clubgaianoah.info@gmail.com. You also have the right to appeal to a supervisory authority.
When will my data be deleted?
The data we process will be deleted or restricted in accordance with GPDR Articles 17 and 18. Unless expressly stated otherwise in this privacy statement, the data we have stored will be deleted as soon as its use is no longer necessary and its deletion does not conflict with legal retention obligations or justified interests. A justified interest is manifested, for example, in the assertion, exercise or defense of your rights, or in the prevention of fraud, i.e. for your protection. If the data is not deleted because it is necessary for other and legally authorized purposes, its processing will be restricted. This means that the data will be blocked and will not be processed for other purposes.
Performance of contractual services
We process inventory data (e.g. user names and contact details), contract data (e.g. services used, payment information) in order to fulfill our contractual obligations and our services in accordance with GDPR Article 6(1)(b). The fields marked as mandatory in the online forms are necessary to the conclusion of the contract.
In the context of registration, re-registration and use of our online services, we store the IP address and the time of the corresponding user action. Storage is mandatory and serves to protect users against fraudulent or unauthorized use by other users and is also based on our legitimate interests. A transfer of this data to third parties is not planned unless it is necessary for the pursuit of our rights or if there is a legal obligation in accordance with GDPR Article 6(1)(c).
Deletion takes place after the expiry of the legal guarantee and comparable obligations. In the case of legal archiving obligations, deletion takes place after the expiry of the periods fixed by law (retention obligation for a period of 6 years in commercial law and 10 years in tax law); the information contained in a customer account is kept until its deletion.
Contacting us
When you contact us, for example by email or via a contact form, the informations provided by the user are used to process the request in accordance with GDPR Article 6(1)(b) or on the basis of the expressed consent in accordance with GDPR Article 6(1)(a).
User data may be stored in our computer systems.
We delete the information if it is no longer necessary. This necessity is reviewed every two years; user requests with a customer account are stored permanently; we refer to the deletion of information above under “performance of contractual services” of the customer account. In the case of legal archiving obligations, deletion takes place after the expiry of the periods fixed by law (retention obligation for a period of 6 years in commercial law and 10 years in tax law).
Collection of access data and event logs
On the basis of our legitimate interests within the meaning of GDPR Article 6(1)(f), we collect data on each connection to the server on which this service is located (data called event logs). Access data includes the IP address, the date and time of the consultation, the pages consulted, the browser type and version, the operating system used, any data errors, the referrer URL (the previously visited site), the user ID (internal customer number), the access provider.
The information contained in the event logs is stored for security reasons (for example, for error checking and troubleshooting or for the investigation of fraudulent or abusive use) for as long as this is necessary to achieve this purpose, and then deleted or anonymized. Data for which an additional retention period for evidentiary purposes is required is excluded from deletion until the incident is clarified.
Use of cookies
Cookies are small text files transmitted to users’ web browsers by our web server or third-party web servers to be stored there for future visits.
The cookies used may be session cookies, which are stored on our website only for the duration of your visit and are deleted at the end of the browser session, i.e. when you close your browser, or persistent cookies, which remain on your computer or device for a specified period, i.e. even after you close your browser. Session cookies are stored on your data carrier, for example, in order to ensure the availability of certain settings and functions on our website via your browser. Persistent cookies store your data and user behavior on our website, which allows us to offer you relevant information that may be of interest to you in the future. The information thus collected can be used to track your user behavior across multiple browser sessions.
We use the following types of cookies:
- Necessary cookies : these cookies ensure the availability of essential website functions, such as navigation between pages and access to secure areas. They are therefore essential for the proper functioning of the site and cannot be refused. The legal basis for the processing of personal data using necessary cookies is the performance of the contract we have concluded with you within the meaning of GDPR Article 6(1)(b).
- Functional cookies : these cookies make the use of our website more comfortable for you. Your sound settings (on/off), for example, are saved so that you do not have to set them again each time. These cookies are activated by default. However, you can also deactivate them. The legal basis for the processing of personal data using functional cookies is our legitimate interest in data processing within the meaning of GDPR Article 6(1)(f).
- Tracking and marketing cookies : some of these cookies are used to analyze how you use the website, allowing us to continuously optimize our offer. We also use other cookies to be able to determine whether the visitor comes from a website of our marketing partners. These cookies are only activated if you select them or if you click on “Accept all cookies”. Personal data is only processed using tracking and marketing cookies if we have obtained your consent to this within the meaning of GDPR Article 6(1)(a).
Online advertising
Based on our legitimate interest in accordance with GDPR Article 6(1)(f), we advertise our services and others in search engine results or on third-party sites that provide advertising space directly or through appropriate networks. If you register for our services by clicking on this type of advertising, GAIANOAH may confirm the registration and possibly other elements relating to your account in connection with the registration to the third party displaying our advertisement. By concluding the corresponding contractual agreements, we ensure that your data (e.g. your IP address) is processed in accordance with the legal provisions.
Postal marketing
Based on our legitimate interests within the meaning of GDPR Article 6, we advertise our services by post. Your personal data (name, address) is used for this purpose. If you no longer wish to receive advertising from GAIANOAH by post (“right of objection”), you can contact us here, by writing to clubgaianoah.info@gmail.com or contacting us by post at the following address:
GAIANOAH
416 Port Brescou
11 rue de la Gabelle
34300 Agde, France
If you still have unresolved privacy or data use issues that we have not addressed satisfactorily, you can file a complaint directly online with your national commission for information technology and liberties, via their dedicated online service.
Newsletter
If you subscribe to our newsletter, we will inform you by email about news and promotions related to our offer. Through this sending, we check whether you have opened the message and clicked on one of the links. This action is based on GDPR Article 6(1)(a) with your explicit consent, which you can revoke at any time. Revocation can be done by clicking on the “Unsubscribe Newsletter” link at the end of each email.
Customer surveys / User feedback
We sometimes ask you to provide feedback regarding our offer or our website. This only happens with your consent, which we collect separately within the framework of the surveys. Using the evaluations from the various surveys, tests and interviews that we combine with each other, you may receive new invitations corresponding to your interests. We will inform you in advance of the details, in particular of any collection of personal data. You have the aforementioned rights in this regard. The processing is based on GDPR Article 6(1)(a). You have the possibility at any time to object to the processing of your data for this purpose.
Protection of minors
GAIANOAH’s offer and service are exclusively reserved to adults and minors under their legal tutor conscent. We do not deliberately collect age information or personal data from children under 16 years of age without their legal tutor conscent. We advise all visitors to our website under the age of 16 not to disclose personal information through our service.
Modification and updates
We reserve the right to modify, update or supplement this privacy statement at any time. Any revised privacy statement applies only to personal information collected or modified after the revised privacy statement comes into effect.