Privacy Policy for the Facix Website

Thank you for visiting the Facix website and reviewing our privacy policy.

By browsing our website or using our systems or services, you acknowledge that you have read and understood this policy and consent to the processing of your data and personal information in accordance with it, where applicable.

This privacy policy consists of the following elements:

• Purposes of the privacy policy
• Consent collection methods
• Data collection purposes
• Collected personal information
• Data processing purposes
• Data source
• Mandatory nature of data collection
• Automated decision-making
• Data recipients
• Concerned individuals
• Security
• Your rights regarding your data
• Cookies

Purposes of the privacy policy:

Respecting privacy and protecting personal information are essential to us. Therefore, through this Policy, we aim to protect them in accordance with applicable laws.

To ensure this protection, Facix undertakes to collect, process, and share information identifying an individual only when the individual has consented to it, unless permitted or required by law, in which case your consent will not be necessary.

The Policy aims to inform users of the reasons and the way Facix, or anyone acting on its behalf, will collect and use their personal information. It aims to be in plain language to ensure informed consent of users.

For the purposes of this Policy, "personal information" means any information about an identifiable person or that allows identifying a person. Where possible, we will anonymize, pseudonymize, and/or aggregate this information so that it no longer identifies a person.

Consent collection methods:

We undertake to obtain consent before collecting an individual's personal information. Consent may be explicit or implicit and may be provided directly by the person or by their authorized representative.

We favor obtaining explicit consent, whether verbally, electronically, or in writing. However, implicit consent may reasonably be inferred from a person's action or inaction. For example, providing a name and address to receive a publication or a name and phone number to get a response to a question is considered implicit consent to the collection of information containing personal information. To determine the appropriate type of consent, we consider the sensitivity of the personal information involved, the purposes for which it is collected, and the reasonable expectations of a person in a similar situation.

If we want to use personal information for a new purpose, we will describe the intended use and ask for consent again.

It is not always possible, especially in the context of a request from the State, to obtain a person's consent to collect, use, or disclose their personal information. We undertake never to disclose this type of information other than in accordance with this Policy, unless required or permitted by law.

Data collection purposes

The information collected is in accordance with the purposes and objectives set out in this privacy policy.

Here are some reasons why we collect your personal information:

• To provide products and services: We will collect and process the data and information necessary to fulfill our mission and our contractual obligations.
• To ensure and improve these products and services: The data collected during your interactions with our services may be used to analyze and improve the operation of our products and services.
• To develop new products and services as well as for AI: The data collected can be used in a research and development framework to propose new products and services to our users, notably through advertisements and marketing messages. Additionally, collected and aggregated data may be processed by algorithms using artificial intelligence.
• To offer personalized products and services: The collection and analysis of data generated by your interactions with our services allow us to develop and create products and services that are relevant to always better meet your cultural and entertainment expectations, notably to anticipate adaptation measures for clients requiring it.
• To assess the performance of products and services: Data is collected to obtain information about the benefits as well as the disadvantages of our products and services in order to evaluate and resolve them if necessary, notably through surveys. This allows us to ensure the quality of our products and services and to favor risk management.
• To protect the privacy of our users: The collected data allows us to verify the identity and protect the privacy of individuals who communicate with us by phone, electronically, or otherwise.
• To meet legal obligations: Data is collected to meet obligations arising from laws, regulations, or international treaties.

Collected personal information:

Facix may collect personal information in various forms, but will only do so by lawful means and only for the necessary purposes that have been disclosed to you, as described in this Policy, or when permitted or required by law.

The personal information collected, as well as its sensitivity, may vary depending on the context of the interactions between you and Facix. Therefore, we must first inform you of the nature of the personal information we use.

We protect all personal information collected. Among the personal information that may be collected and used, we pay particular attention to the following:

• Name and contact details: First and last name, email address, postal address (partial or complete), phone number, and other similar data used to communicate with you.
• Identity documents: Passwords, password hints, and other security information used to identify you and access your account.
• Demographic data: Data about you such as your age, gender, country, and language of communication.
• Location data: Data, which may be precise or not, about the location of your device. For example, location data can be collected from a device's IP address or data from your account profile indicating with less precision where you are, such as the name of a city or a postal code.
• Activity data on our service: The activity data collected on our platform includes the activities you have chosen to register for. This information is collected to better understand your interests and personalize your experience on our service.
• Personal document: As part of your participation in activities offered by our service, you have the option to upload personal documents. These documents may include, among other things, medical certificates and other relevant documents necessary for participation in activities. The collection of this information aims to facilitate the efficient management and coordination of these activities, while ensuring the respect of your privacy and the security of your personal data.
• Other data: Other data provided when you use our website, including data from Google Analytics.

Data processing purposes:

• Providing our products and services: We use data to operate our products and services, as well as to provide you with rich and interactive experiences.
• Improving products and/or services: We use data to improve our products, including by adding new features or capabilities (Error report at the time of purchasing a ticket, or consulting an online program, etc.).
• Personalization: Some products include personalized features, such as recommendations that optimize your experiences and satisfaction. These features use automated processes to tailor your experiences based on the data we have about you, such as deductions we make about you and your use of the product, your activities, your interests, your location.
• Product and/or service development: We use data to develop new products. For example, we use personal information that we anonymize or pseudonymize to better understand our customers' needs.
• Customer support: We use data to diagnose and resolve issues related to products and/or services, restore access to your personal account, provide other support and assistance services.
• Contributing to the security and resolution of issues: We use data to contribute to the security and resolution of issues related to our products and services. This includes using data to secure the services offered to our customers, detect malware and malicious activities, resolve performance and compatibility issues to help customers make the most of their experience, and inform them of updates to our products and services. This may include using automated systems to detect security issues.
• Reporting and business operations: We use data to analyze our operations and improve decision-making processes. This allows us to make informed decisions and create reports on the performance of our activities.
• Protection of rights and property: We use data to detect and prevent fraud, resolve disputes, enforce contracts, and protect our property. For example, we use data to confirm the validity of tickets sold to combat fraud. We may use automated processes to detect and prevent activities that violate our rights and those of third parties.
• Legal compliance: We process data to comply with the law. For example, we use our customers' age to ensure that we comply with our obligations regarding the privacy of children or to ensure that the customer meets the recommended age for the audience. We also process contact details and identifiers to help customers exercise their data protection rights.

Data source:

Data comes from the registration, by the person wishing to have an account on Facix, of their email, first name, last name, and date of birth in the fields during registration, the documents you upload to your Facix profile, the activities you register for.

Mandatory nature of data collection:

The collection of the email address is mandatory for sending a confirmation email when registering, for updating the TOS. The first name, last name, and date of birth are mandatory for registering for an activity.

Automated decision-making:

The processing does not involve automated decision-making.

Data recipients

Categories of recipients

• The communication service, Facix webmaster;
• The IT service, Facix database manager;
• Authorized service providers such as AWS (Amazon Web Services), Stripe;
• The coaches assigned to the activities you register for;
• Authorized personnel of the associations you have participated in at least one activity;
• All users of the platform;

Data transfers outside the EU

No intentional data transfer outside the European Union is made by Facix.

Concerned individuals

The data processing concerns only individuals who wish to register on facix.fr to register for activities available on the platform.

Security

Security measures are implemented in accordance with the Information Systems Security Policy (PSSI) of the CNIL, derived from the PSSI of the State.

Refer to ANSSI for the PSSI policy.

Your rights regarding your data

You can access and obtain a copy of the data concerning you, oppose the processing of this data, have it rectified or erased. You also have the right to limit the processing of your data.

Understanding your rights

Exercise your rights

Send an email to Facix at the following address: facix_2025@labeip.epitech.eu

Complaint to the CNIL

If you believe, after contacting us, that your rights to your data are not respected, you can file a complaint with the CNIL.

Cookies

• token_identification
• tarte_au_citron
• stats_techs
• notifications