Protection of personal data on the <strong>website</strong> and the <strong>app</strong>
Paris Saint-Germain attaches great importance to ensuring the protection of the personal data which it collects and uses, and generally to protecting the privacy of its customers.
This Data Protection Policy describes the way in which your personal data are collected when you connect to and use Paris Saint-Germain’s websites (the “Websites”) and our mobile apps (the “Apps”). It also provides you with information about the way in which your personal data are used and protected by Paris Saint-Germain, and about your rights, and explains how you can contact us.
The policy is an important document. We recommend that you read it carefully and check regularly to see if any changes have been made to it. The most recent change to the policy was in September 2020.
If you have any questions about the use of your data or wish to let us know of any comments or concerns, you can contact our Data Protection Officer at the following address: firstname.lastname@example.org
The personal data we collect
Paris Saint-Germain collects only necessary and relevant information, and receives it from you, via our Websites, Apps and services used on the Parc des Princes site.
In some cases, you give us personal information directly, in particular when you create an account, make a purchase, sign up for our newsletters, take part in a competition or contact us via the Apps.
The information you provide to us includes:
- Data enabling us to identify you (last name, first names, title, date of birth, identity document, nickname)
- Your contact details (in particular your email address and telephone number)
- Data related to transactions carried out on our Websites and Apps (products and tickets purchased, type of subscription, purchase history, delivery and/or billing address)
- Payment data and information about the transaction
- Your views and comments shared on our Websites and Apps
- Data related to events and travel arrangements for away matches (arrival time, entrance gate, images captured etc.)
- Your profile data (favourite team, number and jersey, how long you have been a supporter etc.)
In other cases, we collect data using cookies to enable us to better understand how you use our Websites and Apps.
The personal data we collect automatically and directly from you when you use our services include:
- The IP address and identifiers of the device, only on the Websites
- Technical data relating to the device and the App (the name and version of your device’s operating system, name and model of the device, version of the App, preferred language)
- Technical data relating to the browser and the device used (name and operating system of your device, preferred language) to access our Website
- Authentication data (account creation, login and use logs and unique identifier)
- Browsing data (Websites and Apps visited, most recent pages visited, ads clicked, products searched, pages visited, clicks, length of visit, products placed in your basket, etc.)
Location data relating to your use of Apps in the Parc des Princes, with your consent.
We also hold personal data on those identified as benefiting from access to a sporting or other event organised by Paris Saint-Germain. The information relates to them and is used for no other purpose.
When you access these services from our Website or App, cookies and other tracking tools will be placed on your device. We recommend that you make yourself aware of our cookies policy. This page will help you understand what cookies are and how the cookies placed by the Website or App work, and to know how Paris Saint-Germain uses them and what you can do about their use. From the cookies management page, you can personalise your preferences relating to cookies.
We encourage parents to make their children aware of the issue of protection of their privacy and the ways they communicate on the internet.
Furthermore, we comply with legal requirements on this matter and do not accept registration on our Websites or Apps by children aged under 16. We therefore ask for the consent of their legal representatives when they create an account on a Website or App or seek to take part in an activity organised by Paris Saint-Germain (in particular, competitions).
How we use your data
Paris Saint-Germain uses your personal data to:
- Supply you with products and services you ask for
- Process and track your order, including product delivery
- Communicate with you about your purchase and the event you are attending
- Reply to your questions, resolve any problems and obtain your views
- Register your participation in a competition, placing of a bet or response to a survey
- Manage payment for your purchases.
We also process data for purposes other than strict performance of the contract, provided that we have first assured ourselves that we have a legitimate interest in such processing. We may process your data for the following purposes:
- To organise direct marketing and sales promotions
- To undertake research and build statistics in order to improve your experience
- To analyse how products and services are used in order to improve our offer
- To identify and correct any bugs that may arise on our Websites and Apps, in order to ensure that they operate effectively
- To protect you against any fraudulent transaction or malpractice
- To protect our rights to a defence in court proceedings and the management of disputes
- To ensure that you can exercise your rights.
We also process your data in accordance with the provisions and restrictions laid down by Article L.332-1 of the French Sports Code, in order to ensure the safety of sporting events by refusing or where appropriate cancelling the issue of entry tickets or entry to such events for those who have previously contravened or are currently in contravention of the general terms and conditions of sale or the internal rules relating to the safety of the events.
If you consent, we will send you marketing communications and news about products, services and events organised by Paris Saint-Germain and its partners.
Access to your personal data
Paris Saint-Germain may transfer your personal data to:
- Service providers in relation to their involvement in the supply of a product or service, for example by postal or delivery services;
- Payment service providers responsible for payment operations and relevant controls;
- Third parties which supply us with IT services, such as the providers of platforms, hosting services, technical support for our software and apps which may contain your personal data, data analysis, or distribution of emails;
- Third parties which provide us with detection and resolution solutions for incidents which may relate to your account;
- Service providers associated with the organisation of sporting and other events organised by Paris Saint-Germain, including those responsible for entry and security on the Parc des Princes site;
- The administrative, legal and regulatory authorities when such disclosure is required by law or linked to an essential safety requirement.
However, none of your personal data will be given to our partners for the purposes of marketing or commercial prospecting.
Moreover, Paris Saint-Germain ensures that partners and providers involved in the delivery of services comply with the principles arising from current legislation.
Duration of storage of your personal data
Your personal data will be stored for as long as is necessary for the purposes set out in this Policy, up to the legal limits. This means that we will store your personal data provided that you have logged in to your PSG account from one of our Websites or Apps during the last three years.
If you have made a purchase on our ticketing website or store or taken [part in an event linked to Paris Saint-Germain, your personal data will be stored for longer so that we can comply with our legal obligations and ensure our rights to a defence for up to five years after the end of the relationship.
Transfer of your personal data outside the EU
Your personal data may be processed outside the European Union. In this case, we take the necessary measures in relation to our service providers to guarantee an adequate level of protection, fully compliant with current legislation.
If the service providers in question are not located in a country which has legislation considered to provide adequate protection, they will previously have signed the European Commission’s “standard contract clauses” or will be subject to binding internal rules approved by the regulatory authorities responsible for the protection of personal data.
Security of your personal data
We implement appropriate organisational and technical measures to protect your data. Generally, we do everything we can to protect personal data, taking account of the sensitivity of the information in question and the potential risks arising from processing and its implementation. We take every action necessary to ensure the confidentiality, integrity, availability and resilience of your data. Moreover, we are careful to store your personal data in information systems offering an appropriate level of security, with protected, restricted and recorded access.
We enter into strict confidentiality agreements with all those involved in processing data on our behalf. We also ensure that all staff and other individuals involved in processing data comply with all the data protection rules and undertake to protect the confidentiality of the data processed.
If you believe that your personal data have been used in an inappropriate manner by a third party, we would be grateful if you could inform us immediately by email to email@example.com.
Under the legislation, you have the following rights:
- Right of access - allowing you to obtain information about the processing of your personal data, and a copy of them;
- Right of rectification - allowing you to require that your personal data corrected if they are inaccurate;
- Right to erasure / right to be forgotten - allowing you to have your personal data erased or deleted;
- Right to limitation - allowing you to ask for a limitation on the processing we carry out on your personal data;
- Right to portability - allowing you to obtain an electronic copy or transfer of your data from one database to another;
- You may also send us instructions for the storage, erasure, or communication of your data in the event of death and appoint the person who will be responsible.
These rights are not absolute, but are to be exercised under the terms and within the limits laid down by the legislation.
If you have created an account, it is easy to change some of your Data using the “My Account” function on our Websites and Apps.
If you have agreed to receive our commercial offers by electronic means or to receive our newsletters, you have the option to unsubscribe by simply clicking on the unsubscribe link included in every email or other communication we send you or via the “My Account” function on our Websites and Apps.
When you install the App or first connect to our Website, a banner will inform you of the collection of cookies and the purpose of this collection. If you confirm that you accept the cookies by clicking on the “Accept” button in the banner, your consent will be deemed to have been obtained. The banner asking you to accept cookies will then no longer be displayed on your screen.
If you click on “Personalise” you will be redirected to the cookie management page. From that page, you have the option of directly accepting or refusing all or some cookies, except for the functional cookies which are essential to the effective operation of the Website and App.
Whatever your initial choice, you can change your decision at any time and choose to accept all or some of the cookies directly on the Website or the App. A link to the cookie management page is always accessible from the Website help centre and from the App settings to allow you to personalise your preferences in relation to cookies.
If you are the legal representative of a child aged under 16 and you believe that the child has given us information without your consent, you can contact us at the address below so that we can delete the information and if necessary close the account.
Exercise your rights
You can exercise your rights at any time by clicking here or writing us at the following address: Paris Saint-Germain Customer Services - 53 Avenue Emile Zola 92,100 - Boulogne Billancourt. You can also contact our Data Protection Office at this address: firstname.lastname@example.org.
Your request should be accompanied by a photocopy of an identity document (national identity card, passport, resident’s card or permit, or travellers’ permit) issued by the French authorities or an EU identity card. You will be sent a reply by the department concerned within one month of receipt of the request.
If you wish you may, in accordance with the legislation, make a complaint to the CNIL, following the procedures set out on its website (www.cnil.fr).
Changes to our personal data protection policy
Legislation and practice change over time. We therefore reserve the right to change the Personal Data Protection Policy at any time to adjust to such changes.
In the event of changes, the Personal Data Protection Policy will be republished on our Websites and Apps so that you can find out directly.