Data Protection Policy

In the course of its activities, MAMS (Festicar's management company), in its capacity as data controller, is likely to collect and process personal data, in particular that of its agents and users as well as that of the people with whom it comes into contact in the course of its various missions.

All personal data processing carried out in the context of its activities complies with the regulations applicable to the protection of personal data, in particular the provisions of the amended French Data Protection Act of 6 January 1978 and the General Data Protection Regulation (EU Regulation 2016/679) or ‘RGPD’.

In particular, MAMS undertakes to comply with the following principles :

  • Your personal data will be processed lawfully, fairly and transparently.
  • Your personal data is collected for specified, explicit and legitimate purposes and is not further processed in a way incompatible with those purposes.
  • Your personal data is kept in an appropriate and relevant manner and is limited to what is necessary for the purposes for which it is processed.
  • Your personal data is kept accurate and up to date and all reasonable steps are taken to ensure that inaccurate data, having regard to the purposes for which it is processed, is deleted or rectified without delay.
  • Your personal data is kept in a form that allows identification of the persons concerned for no longer than is necessary for the purposes for which it is processed.
  • Your personal data is processed in such a way as to ensure appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.


    • Data controller

    Your personal data is collected by us and stored on our premises in secure locations.


    Personal data collected

    The term ‘personal data’ refers to personal information that enables you to be identified directly or indirectly, as you have agreed to provide it to us.

    This data is likely to be collected when you open an account with us, when you contact us for information or when we set up a contract if you are not known to us (breakdown service, etc.).

    With certain exceptions, the personal data likely to be processed by MAMS are :

  • First and last name
  • Email
  • Phone number

    • Some of this information is required to benefit from all our services and for the proper processing of the service provided.

    Our application logs collect your IP address, the URL of the page consulted, the HTTP Referrer and your HTTP User Agent when you browse a festicar.io website. This data is collected for the sole purpose of incident response, particularly in the event of attacks or attempted attacks, measuring the number of visits and audience monitoring. These application logs are kept for one year.


    Purposes of processing

    MAMS may process your personal data for various purposes, depending on the relevant legal basis:

  • Consent: in cases where you have given your consent to the processing of your personal data for one or more specific purposes.
  • Performance of a contract: where the processing of personal data is necessary for the performance of a contract to which you are a party or for the performance of pre-contractual measures taken at your request.


    • Data recipient

    Depending on the purposes for which personal data is collected, the following persons/organisations may have access to your data:

  • MAMS staff (permanent, contract and trainees),
  • Third parties processing personal data as service providers in accordance with our instructions: Contacting users of the Festicar website

    • We do not sell or rent your personal data to third parties. The data collected is used exclusively by MAMS. We undertake to ensure appropriate security controls to protect your personal data against any foreseeable danger.


    Retention of data

    Your personal data is kept for as long as is necessary to achieve the purpose for which it was collected. It will then be archived with restricted access for a further period in accordance with the statutory limitation and retention periods for strictly limited purposes authorised by law. It will then be permanently destroyed.


    Data security and confidentiality

    All our users' personal data is stored on our own secure computers, based exclusively in France.

    We take every precaution to protect the security of your data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties. All access to our database is secure and controlled.

    We implement organisational, technical, software and physical digital security measures to protect personal data against alteration, destruction and unauthorised access.



    Data transfer outside the European Union

    We do not transfer your personal data outside France and, in general, outside the European Union.


    Exercising your rights

    Pursuant to the regulations applicable to personal data (and in particular in accordance with Regulation 2016/679/EU of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the General Data Protection Regulation known as the ‘GDPR’), you have the following rights:

  • Access rights
  • Right of rectification
  • Right to deletion
  • Right to restrict processing
  • Right to object


    • Updating the charter

    In a constantly changing world, we reserve the right to make any useful changes to this charter relating to the protection of personal data, at any time, in particular to take account of changes in usage, internal procedures or applicable regulations.

    In the event of a change to this charter, we undertake to publish the new version on our website and we will keep you informed. We therefore invite you to consult our charter on a regular basis, in order to better understand the use of your personal data and to be aware of any changes or developments in our practices or procedures.


    Data Protection Officer

    If you have any questions about this Charter and/or would like to request access to all the information concerning you, find out the origin of this information, obtain a copy of it, or request that your data be corrected, completed, updated or deleted, you can contact our Data Protection Officer by e-mail or post at :

    MAMS
    Emmy Le Guellec
    4 Grand Rue Saint-Maurice
    82130 La Française
    ou
    rgpd@festicar.info

    In the event of failure to respect your rights or of any difficulty in connection with the management of your personal data, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the supervisory authority responsible for ensuring compliance with obligations relating to personal data.



    Last update: 25 November 2024