Confidentiality and security are of the utmost importance to the FFT, and we strive to ensure that the technical and organisational measures we have put in place respect your data protection rights.
By using the Website’s services or by filling in a contact form on the Website, you agree that the FFT may collect, process, store and/or use, as the case may be, the personal data submitted in accordance with the rules set forth above.
By giving us your consent, you have the right to rectify, the right to be forgotten and/or the right to delete your personal data.
DATA CONTROLLER IDENTITY
The personal data that may be gathered via the Website is collected by the French Tennis Federation (hereinafter referred to as “the FFT”), an organisation governed by the French Law of 1st July 1901 (Intra-community VAT no.: FR 63 775 671 381), and state-approved by the decree of 13 July 1923, the registered office of which is located at Stade Roland-Garros, 2 avenue Gordon-Bennett, 75016 Paris, France.
DATA PROTECTION OFFICER IDENTITY
The FFT’s Data Protection Officer is Mr Ibrahima Souaré (firstname.lastname@example.org).
PERSONAL DATA COLLECTED VIA THE WEBSITE
Some of your personal data is automatically collected as a result of your actions on the Website (see the section on cookies). Apart from this data, when you sign up or when you use the services offered by the Website, the following information may be collected and processed:
• Account/profile creation: When you create your account/profile, the following information is recorded: your title, first name(s), surname(s), date of birth, country of birth, postal address, e-mail address, telephone number, and connection data.
• Connection to the Website: Here, your connection (log-in and password), navigation and location data is recorded (with your consent, if applicable).
• Orders: When you order products and/or services on the Website, your connection and navigation data, order history, and complaints, incidents and information related to subscriptions and correspondence may be recorded (with your consent, if applicable).
• Contact: When you fill in a contact form on the Website, your first name(s), surname(s) and e-mail address are collected.
In any event, we shall never collect sensitive personal data, such as government identification information (social security number, driving licence, tax identification number, etc.), full payment card numbers, personal bank account numbers, medical records or information relating to healthcare claims associated with individuals.
PURPOSES OF PROCESSING AND LEGAL BASIS
The main purpose of collecting your personal data is to provide you with a safe, optimal, efficient and customised experience. To this end, you agree that we may use your personal data to:
• Optimise the layout and operation of the Website, and anticipate and resolve any problems so as to enhance the access to and use of the Website as well as the use of our services
• Provide our services and facilitate their operation, including running checks related to you
• Verify and authenticate your data
• Customise, evaluate and improve our services, content and documentation
• Analyse the volume and history of your use of our services
• Keep you informed about our services and those of our partner companies
• Prevent, detect and investigate all potentially prohibited and illegal activities or activities contrary to good practice, and to combat fraud, misuse, viruses and other malware
• Manage our relationship with you
• Provide assistance to the Website users
• Manage the Website’s payment services
• Provide customised content and services based on your browsing history, preferences and areas of interest
• Send sales information and advertisements based on your browsing history, preferences and areas of interest
• Comply with our legal and regulatory obligations
For our newsletters and other marketing or promotional e-mails that we send to you, we will process your personal data on the basis of the explicit consent that you have given for this purpose, if applicable (unless the marketing or promotional e-mails concern products and/or services similar to the products and/or services that you have previously ordered).
We shall only process or use your personal data for the purposes described above.
Where certain information is compulsory to access specific features of the Website, this is pointed out at the time of data entry. In the event that you refuse to provide the compulsory information, you may not be able to access certain services, features or sections of the Website.
NEWSLETTERS AND E-MAILS
An ‘unsubscribe’ link shall be systematically included in each marketing, promotional, or information-based newsletter and e-mail that we send you. For those of you who have clearly agreed to receive our newsletters, you can easily unsubscribe by clicking on the unsubscribe links included in each of the accompanying e-mails.
Your personal data collected on the Website by the FFT or on its behalf is done so for the specific needs of the FFT, the recipient. Access to your personal data is strictly limited to only persons who are authorised by the FFT, empowered by virtue of their functions and bound by an obligation of confidentiality.
However, your personal data may be processed on the FFT’s behalf by, or passed on to, subcontracting companies contractually responsible for carrying out tasks necessary for the smooth operation of the Website and its services, as well as the effective management of the relationship with you, or passed on to subcontractors by the FFT, without you being required to give your permission. It should be noted that, when executing the services, the subcontractors have only limited access to your data and a contractual obligation to use it in accordance with the applicable legal and regulatory regulations related to the protection of personal data.
Apart from the cases set forth above, we shall not disclose your personal data to third parties, unless: (1) you request or give your permission for such a disclosure, (2) the disclosure is required to process transactions or provide services requested by you, (3) the FFT is compelled to do so by a governmental authority or regulatory body, in response to a court order, a summons or another similar governmental or legal demand, or to establish or defend a legal claim, or (4) the third party acts as an agent or subcontractor of the FFT in executing the services of the Website (as an example, the FFT employs certain service providers for the use of tags and the placing of cookies).
YOUR RIGHTS WITH REGARD TO PROTECTING YOUR DATA
In accordance with the amended Data Protection Act of 6 January 1978 and with the General Data Protection Regulation (EU) 2016/679/UE of 27 April 2016, you have the right to:
• Update or delete your data by signing into your account and configuring your settings
• Exercise your right of access, to find out the nature of the personal data pertaining to you
• Request that your data is updated, if it is inaccurate
• Request the portability or deletion of your data
• Request that your account be deleted
• Request that the processing of your data be limited
• Object to, for legitimate reasons, the processing of your data
• Refuse to give, or withdraw, your consent to the use, by our services, of your contact details in order to deliver promotional and marketing messages by e-mail, text, telephone call, or post. This right remains valid whether the information pertaining to you has been provided to us directly by you or by third-party partners to whom you may have provided it (in this case, you will have to click on the unsubscribe links provided in our text messages or e-mails or contact us in the manner described below).
You can exercise your rights by changing the settings of your account, directly on the ‘Contact us’ page of the Website or by writing to the following postal address: Fédération Française de Tennis, Stade Roland-Garros, Service Clients, 2 avenue Gordon Bennett, 75016 Paris, France, or by contacting the FFT’s Data Protection Officer (e-mail: email@example.com). Your requests will be dealt with within 30 days. For security reasons and so as to avoid fraudulent requests, we may require that you provide valid proof of identity and/or proof of authority in support of your request.
For any additional information or complaints, you may contact the CNIL, the French data protection authority (more information can be found at www.cnil.fr).
Your personal information is stored in active databases, log files or other types of files. In the case of our active database, your personal information is kept for a period of 3 years from the end of the commercial relationship or the last contact (in the case of customers), or for a period of 3 years from the date of collection or the last contact (in the case of prospects), unless you exercise one of the rights granted to you by law, as provided for above, or if a longer retention period is authorised or imposed by virtue of a legal or regulatory provision.
During this period, the Website shall put in place the organisational, software-related, legal, technical and physical means to ensure the confidentiality and security of your personal data, so as to prevent it from being damaged, deleted or accessed by unauthorised third parties.
Your other data may be deleted at any time during the active use of your account, in accordance with the provisions set forth above.
DATA STORAGE LOCATION AND TRANSFERS
The host servers on which we process and store our databases are exclusively located within the European Union.
We shall undertake to inform you immediately, insofar as we are legally authorised to do so, in the event we receive a request from an administrative or legal authority relating to your data.
Within the framework of our services, we attach the greatest importance to the security and integrity of the personal data of our customers and users.
Therefore, and in accordance with the GDPR, we shall undertake to take all adequate precautions so as to maintain the security of the data, and in particular to protect it from any accidental or illicit destruction, accidental loss, and unauthorised modification, dissemination or access, as well as from any other form of illicit processing or communication to unauthorised persons.
To this end, we implement industry-standard security measures to protect personal data against unauthorised disclosure. By using industry-recommended encryption, we take the necessary steps to protect payments and payment card information.
Additionally, in order to prevent any unauthorised access and to ensure the accuracy and proper use of the data, we have implemented appropriate electronic, physical and management procedures to safeguard and preserve the data collected during the use of our services.
Despite this, no-one should consider themselves completely safe from a potential hacking incident. This is why, in the event of a security breach that affects you, we shall undertake to inform you of it as soon as possible and to do our very best to take all possible measures to neutralise the violation and minimise its impact. In the event that you suffer damage as a result of the exploitation of a security breach by a third party, we shall undertake to provide you with all the assistance you require in order that you may assert your rights.
LIMITATION OF LIABILITY
Any download of content from the Website is carried out at the user’s own risk and under the user’s sole responsibility. Consequently, the FFT shall not be held responsible for any damage to the user’s computer or any loss of data resulting from a download.
The photos on the Site are not contractual.
Hypertext links installed on the Site may allow you to access other resources on the Internet. Where applicable, the FFT is in no way responsible for the content of these resources, particularly with regard to the protection of personal data.
Please visit our contact page (https://store.rolandgarros.com/contact-us.html) if you have any questions.
You can also contact the FFT’s Data Protection Officer by e-mail (firstname.lastname@example.org), or by post at the following address: Fédération Française de Tennis, Délégué à la Protection des Données, Stade Roland-Garros, 2 avenue Gordon-Bennet, 75016 Paris, France.