Data Protection
Policy
Last update : 08/10/2024
In the course of its activities, MAMS (Festicar's management company), in its capacity as data controller, is likely to collect and process personal data, in particular that of its agents and users as well as that of the people with whom it comes into contact in the course of its various missions.
All personal data processing carried out in the context of its activities complies with the regulations applicable to the protection of personal data, in particular the provisions of the amended French Data Protection Act of 6 January 1978 and the General Data Protection Regulation (EU Regulation 2016/679) or ‘RGPD’.
In particular, MAMS undertakes to comply with the following principles:
-
Your personal data is processed lawfully, fairly and transparently.
-
Your personal data is collected for specific, explicit and legitimate purposes and is not further processed in a way that is incompatible with these purposes.
-
Your personal data is kept in an appropriate and relevant manner and is limited to what is necessary for the purposes for which it is processed.
-
Your personal data is accurate, kept up to date and all reasonable steps are taken to ensure that inaccurate data, having regard to the purposes for which it is processed, is erased or rectified without delay.
-
Your personal data is kept in a form that allows identification of the data subjects for no longer than is necessary for the purposes for which it is processed.
-
Your personal data is processed in such a way as to guarantee appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Data controller
Your personal data is collected by us and stored on our premises in secure locations.
Personal data collected
The term ‘personal data’ refers to personal information that enables you to be identified directly or indirectly, as you have agreed to communicate it to us.
This data is likely to be collected when you open an account with us, when you contact us for information or when we set up a contract if you are not known to us (breakdown service, etc.).
With certain exceptions, the personal data likely to be processed by MAMS is :
-
Full name
-
E-mail address
-
Telephone number
Some of this information is required to benefit from all of our services and for the proper processing of the service provided.
Purposes of processing
MAMS may process personal data about you for different purposes depending on the relevant legal basis:
-
Consent: in cases where you have given your consent to the processing of your personal data for one or more specific purposes. These correspond to activities linked to the performance of our duties.
-
Performance of a contract: in cases where the processing of personal data is necessary for the performance of a contract to which you are a party or for the performance of pre-contractual measures taken at your request.
Recipient of the data
Depending on the purposes for which the personal data is collected, the following persons/organisations may have access to your data:
-
MAMS staff (permanent, contract and trainees),
-
Third parties processing personal data as service providers in accordance with our instructions:
-
Contacting users of the FestiCar website
-
-
We do not sell or rent your personal data to third parties. The data collected is intended exclusively for MAMS.
We undertake to ensure appropriate security controls to protect your personal data against any foreseeable danger.
Data retention
Your personal data is kept for as long as is necessary to fulfil the purpose for which it was collected. It will then be archived with restricted access for a further period in accordance with the statutory limitation and retention periods for strictly limited purposes authorised by law. It will then be permanently destroyed.
Data security and confidentiality
All our users' personal data is stored on our own secure computers, based exclusively in France.
We take every precaution to ensure the security of your data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties. All access to our database is secure and controlled.
We implement organizational, technical, software and physical digital security measures to protect personal data against alteration, destruction and unauthorized access.
Transfer of data outside the European Union
We do not transfer any data outside France and, in general, outside the European Union.
Enforcement of your rights
Pursuant to the regulations applicable to personal data (and in particular in accordance with Regulation 2016/679/EU of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the General Data Protection Regulation known as the ‘GDPR’), you have the following rights:
-
Right of access
-
Right of rectification
-
Right to erasure
-
Right to limit processing
-
Right to object
Updating the charter
In a constantly changing world, we reserve the right to make any useful changes to this charter relating to the protection of personal data, at any time, in particular to take account of changes in usage, internal procedures or applicable regulations.
If this charter is modified, we undertake to publish the new version on our website and we will keep you informed. We therefore invite you to consult our charter on a regular basis in order to better understand the use of your personal data and to be aware of any changes or developments in our practices or procedures.
Data Protection Officer
For any questions relating to this Charter and/or to request access to all the information concerning you, to find out the origin of this information, to obtain a copy of it, or to request that your data be rectified, completed, updated or deleted, you may contact our Data Protection Officer by e-mail or post at :
MAMS
Emmy Le Guellec
4 Grand Rue Saint-Maurice
82130 La Française
If your rights are not respected or if you have any difficulties in relation to the management of your personal data, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the supervisory authority responsible for ensuring compliance with obligations relating to personal data.