Personal data protection of the <strong>Foundation</strong> and the <strong>Endowment Fund</strong>
In terms of its missions, the Endowment Fund and the Paris Saint-Germain Foundation give particular importance to ensuring the confidentiality of personal data that it collects and uses, and more generally to the protection of the privacy of its stakeholders.
This Data Protection policy describes the manner in which your personal data is collected when you connect to the website of the Endowment Fund and the Paris Saint-Germain Foundation (“Website”) and its mobile application (“App”). It also informs you about the manner in which your personal data is used and protected by the Endowment Fund and the Paris Saint-Germain Foundation, the rights that you have and provides you with our contact information.
This policy is an important document. We recommend that you read it carefully and check if it has been amended on a regular basis. This policy was amended for the last time in March 2020.
If you have questions regarding the use of your data or wish to inform us of your comments or concerns, you can contact our data protection officer at the following address: firstname.lastname@example.org
Personal data we collect
The Endowment Fund and the Paris Saint-Germain Foundation only collects necessary and relevant information and receives it from you via our Website and the App and services that you use.
In some cases, you send us personal information directly, notably when you make a donation, subscribe to our newsletters or participate in a call for proposals. The information that you provide to us include:
- Data allowing for your identification (surname, given names, date of birth, identity document)
- Contact information (postal and email addresses, telephone number)
- Data related to operations carried out from our Website and Apps (call for proposals, donations)
- Information regarding the transaction carried out (amount of the donation, proposal supported)
- Opinions and comments posted on our Website and Apps
- Any data that you choose to send us.
In other cases, we proceed to the collection of data using cookies to better understand how you use our Website and Apps. Personal data that we collect automatically and directly from you when you use our services include:
- IP address, device usernames and your location using the GPS of your mobile device. Most mobile devices allow you to control and deactivate the geolocation functions from the “settings” menu on your device
- Technical data regarding the browser or device (name, operating system of your device, preferred language)
- Authentication data (connection and use logs, IP address, single username)
- Browsing data (Websites or Apps visited, last pages consulted, duration of the visit, links on which you clicked).
In case you represent an organisation, we furthermore send you:
- In terms of a call for proposals, the information regarding its legal representative - surname, given name, email address, nationality, date of birth as well as a copy of his identity document - with him being duly informed thereof.
- When making a donation: surname and given name of the contact person, corporate name, email and postal addresses of the organisation
- Any information that you choose to send us.
We inform you, when collecting personal data, if providing certain data is mandatory or if it is optional.
How is your data used
The Endowment Fund and the Paris Saint-Germain Foundation uses your personal data in order to:
- collect donations and carry out the related operations
- draw up your tax receipt and send it to you
- inform you of practical actions conducted with the organisation that you support financially
- send you newsletters or any informative messages regarding our news
- send information regarding the proposal presented in terms of calls for proposals
- answer requests that you sent us via the contact form
- send information regarding the event to which you are invited.
We also process data for purposes other than the strict execution of the contract, after having first ensured that there is a legitimate interest to carry out this processing. The purposes for which we may process your data are:
- to establish statistics of usage and traffic of our services
- to optimise the operation and efficiency of the services that we offer to you
- to improve your experience
- to guarantee the exercise of your rights
- to comply with our statutory and regulatory obligations notably for accounting and tax matters.
Access to your personal data
The Endowment Fund and the Paris Saint-Germain Foundation may transfer your personal data to:
- service providers to the extent that they provide services;
- third parties providing us with IT services, such as platform providers, hosting services, technical support for our software and applications that may contain data concerning you, data analysis, email distribution;
- payment service providers responsible for the appropriate payment and verification operations;
- service providers, affiliated with the organisation of functions and events organised by the Endowment Fund and the Paris Saint-Germain Foundation, including those in charge of access and security;
- advisory and auditing firms in charge of certifying our accounts;
- administrative, court and supervisory authorities, when this communication is required by Law.
The Endowment Fund and the Paris Saint-Germain Foundation furthermore ensures that its stakeholders comply with the principles resulting from the regulation in force.
The Endowment Fund and the Paris Saint-Germain Foundation finally undertake not to send information regarding you to other entities of the Paris Saint-Germain group or to third parties without your consent.
Communication of your personal data to the organisation that your support
We will send your personal data to the organisations that you choose to support financially, provided that you consented thereto. The organisation may use it for the same purposes and under the same conditions as those referred to in this policy. It however remains solely liable for compliance with its statutory obligations in terms of the processing of your personal data that it carries out itself, with its own resources and for its purposes alone. We are only liable for our use of your personal data, excluding all other uses carried out by the organisation.
Duration of storage of your personal data
Your personal data will not be stored after the statutory period strictly necessary for the management of the relationship with you in terms of the purposes presented in this Policy and to the extent of the periods imposed upon us by the applicable regulation in accounting and tax matters.
We store your data for a maximum duration of three (3) years as from the collection of your data or from the last contact from the user. We may contact you again within 3 months before the term of the duration of personal data storage determined at 3 years, so that you can inform us whether you consent to continue receiving information about our services.
Your personal data will be stored following this period, to meet tax and accounting requirements, to the extent of 10 years as from the drawing up of the tax receipt.
Transfer of your personal data outside of the UE
Data concerning you may be processed outside of the European Union. In this case, we take the necessary steps vis-à-vis our services providers to guarantee an adequate level of protection of your data in full compliance with the regulation in force.
If the service providers in question are not members of the Privacy Shield agreement regarding the transfers to the United States of America, or are not located in a country with legislation considered as offering adequate protection, they should first have signed the “standard contractual clauses” of the European Commission or should be subject to the binding internal rules approved by the supervisory authorities in terms of personal data protection.
Security of your personal data
In order to protect your data, we implement appropriate organisational and technical measures. In general, we strive to protect personal data by taking into account the sensitivity of the information in question and the potential risks incurred by the processing and its implementation. We implement all useful means to guarantee the confidentiality, integrity, availability and resilience of your data. We furthermore make sure that we store data concerning you in information systems offering an appropriate level of security, the access of which is protected, restricted and saved.
We conclude strict confidentiality agreements with any person operating in the processing of data on our behalf. We furthermore make sure that all staff and all persons operating in the processing of data comply with all rules regarding data protection and undertake to keep the processed data confidential.
If you think that your personal data is being used in an inappropriate manner by third parties, please inform us thereof immediately by email at email@example.com.
In compliance with the regulation, you have the following rights:
- Right of access – allowing you to obtain information regarding the processing of your personal data and a copy thereof;
- Right to rectification – allowing you, if your personal data is inaccurate, to require that it be amended as a consequence; [ideally add the following proposal: If you have an account, it is simple to amend your data via the “My account” function.]
- Right to erasure / right to be forgotten – allowing you to obtain the erasure or removal of your personal data;
- Right to restriction of processing – allowing you to request the restriction of processing that we carry out on the data concerning you;
- Right to portability – allowing you to obtain an electronic copy or the transfer of data concerning you from our database to another.
You can furthermore send us your instructions for the storage, erasure or communication of your data in case of death and designate the person that will be in charge thereof.
These rights are not absolute but are rather carried out under the conditions and limits determined by the regulation.
You also have the possibility to unsubscribe from our newsletters simply by clicking on the unsubscribe link contained in any email or any communication that we send you.
You also have the right to deactivate cookies. We invite you to consult the customisation page.
Exercising your rights
You can exercise your rights at any time with our Data Protection Officer by writing to the following address: Paris Saint-Germain Service Clients - 53 avenue Emile Zola – 92 100 Boulogne Billancourt or directly to this address: firstname.lastname@example.org. You will receive a response within a period of one month as from the receipt of your request.
If you wish to do so and in compliance with the regulation, you can send a claim to the National Commission for Information Technology and Civil Liberties (CNIL) according to the terms indicated on its website.
Amendment of our personal data protection policy
The regulation and practices evolve over time. We therefore reserve the right to amend the Personal Data Protection Policy at any time to adapt it to these changes.
In this respect, the Personal Data Protection Policy will be published again on our Websites and Apps so that you can take note thereof directly.