News Fixtures Commitment
Live Tickets Shop Business

Privacy policy

Updated on December 7th 2023

STADE RENNAIS FOOTBALL CLUB, a professional sports company (Société anonyme sportive professionnelle - SASP), whose address is La Piverdière, Chemin de la Taupinais, CS 53909, 35039 Rennes Cedex (hereinafter "SRFC") undertakes to comply with the regulations applicable to personal data and in particular Regulation (EU) 2016-679 of 27 April 2016 (hereinafter "RGPD") and the amended Loi Informatiques et Libertés of January 6th 1978. 


This Privacy Policy informs users of the terms and conditions under which SRFC processes personal data in : 

  • publishing the following sites (hereinafter the "Sites") :
    • the official SRFC website (https://www.staderennais.com) 
    • the online shop (https://boutique.staderennais.com) 
    • the online ticketing (https://billetterie2.staderennais.com) 
    • the company website (https://business.staderennais.com)
    • the Bouge! website (https://bouge.staderennais.com/)
    • the Au Fer Rouge website (https://www.auferrouge.com/) 
    • organising competitions 
    • the Klub Affaires application, which helps SRFC partners get in touch with each other
    • managing the SRFC's social networks, in particular Facebook, Instagram, LinkedIn, Snapchat, TikTok, Twitch, Twitter and YouTube 


This privacy policy is not of a contractual nature and does not create any obligations other than those already provided for by the RGPD. 


Users acknowledge that they are aware of this. 


Article 1. Responsibility and security of personal data processing

In collecting and processing users' personal data, SRFC acts as data controller.

The SRFC does not take any decision, with regard to users, based exclusively on automated processing, including profiling, producing legal effects concerning them or affecting them in a similar and significant manner.

Users' personal data collected by the SRFC are processed in such a way as to guarantee appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.

However, users are informed that their data may be collected by the platforms relayed on its Sites (for example, Twitter or YouTube) without SRFC being responsible for any such processing. 


Article 2. Types of personal data collected 

As part of its activities, SRFC collects personal data:

  • Visitors or users of the Sites ;
  • SRFC social network users or subscribers;
  • Holders of a personal account on the Sites;
  • Contacts who have filled in an online form on the Sites;
  • Customers who have placed orders for products and/or services on the Sites or in SRFC physical shops;
  • SRFC prospects ;

This personal data is processed lawfully, fairly and transparently by SRFC. 

SRFC also undertakes to ensure that such data is adequate, relevant and limited to the purposes described in Article 3 of this Privacy Policy. SRFC takes care not to collect unnecessary personal data.

The SRFC does not collect any so-called sensitive data, i.e. any personal data relating to a user's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, or data relating to a user's sex life. In the event that a user transmits such data to the SRFC, the user acknowledges that such data is transmitted at the user's sole initiative and under the user's responsibility. 

Where applicable, the mandatory nature of the data collected is indicated. If this data is not completed, SRFC will not be able to provide the user with the desired services. 


Article 3. Purposes of the personal data collected 

The purposes of the processing carried out by SRFC in connection with the aforementioned Sites and social networks are legitimate and explicit, as set out below:

  • Managing a personal account : 
    • Basis: Contractual nature or SRFC's legitimate interests, as the case may be
    • Expiry: 3 years from last activity
  • Managing commercial relations and processing orders
    • Basis: Contractual nature or SRFC's legitimate interests, as the case may be
    • Expiry: 3 years from the end of the contractual relationship
  • Claims and litigation management
    • Basis: Contractual nature or SRFC's legitimate interests, as the case may be
    • Expiry: 3 years from the end of the contractual relationship
  • Manage newsletter subscriptions, news and offers
    • Basis: Individual's consent or SRFC's legitimate interests
    • Expiry: 3 years from collection
  • Managing prospects and contacts
    • Basis: Individual's consent or SRFC's legitimate interests
    • Expiry: 3 years from collection
  • Accounting management
    • Basis: Contractual nature or SRFC's legitimate interests, as the case may be
    • Expiry: 10 years from the end of the financial year
  • Managing the exercise of your rights regarding the processing of personal data
    • Basis: Legal obligations
    • Expiry: 3 years from exercise of the right

 

Users' personal data may also be further processed for statistical purposes.


Article 4. Groups of recipients of personal data

Access to users' personal data is reserved for :

  • SRFC departments: marketing and sales, legal department
  • Our service providers: Sécutix, Ingenico, Qualifio, DataCampus,
  • Any third party to whom we are obliged to disclose it by virtue of a legal obligation or an administrative or judicial decision.


Article 5. Duration of storage of personal data

In accordance with applicable regulations, users' personal data is only kept by the SRFC for the time strictly necessary to fulfil the purposes defined in article 3 of this confidentiality policy.

The SRFC may keep certain personal user data on file in order to establish, exercise or defend its legal rights.


Article 6. Users' rights to their personal data

Users may contact the Data Protection Officer (DPO) if they wish to exercise any of their rights or have any questions relating to their personal data. He can be contacted by :

  • Email : dpo@staderennais.fr
  • Postal address: La Piverdière - Chemin de la Taupinais - CS53909 - 35039 RENNES CEDEX

In the event that SRFC has reasonable doubt as to the identity of the user sending it a request relating to his/her personal data, it may ask the user to prove his/her identity.

Access: At the user's request, and in the event that personal data is processed, SRFC will provide the user with a copy of such data. If this request is made electronically, the data will be sent to the user electronically (unless the user requests otherwise).

Rectification: At the user's request, SRFC may modify personal data concerning him/her if it is inaccurate or incomplete.

Deletion: At the user's request, SRFC may erase, as soon as possible, personal data concerning the user if one of the reasons referred to in Article 17 of the RGPD applies. In particular, if the data collected is no longer required by SRFC for the purposes for which it was collected.

Limitation: At the user's request, the SRFC may limit the processing of the user's personal data if the data is inaccurate or if the user objects to the processing. This restriction will only last as long as it takes SRFC to carry out the necessary checks. This right may also apply if SRFC no longer needs the user's data to carry out the processing.

Opposition: Users may oppose the processing of their personal data at any time. The user will nevertheless have to justify a particular situation: either a legitimate reason or to prevent the use of personal data for commercial prospecting purposes. 

Portability: At the request of a user, the SRFC may send him or her personal data in a structured, commonly used and machine-readable format. This right only concerns personal data provided by the user.

Death: Each user has the possibility of defining directives relating to the conservation, deletion and communication of their personal data after their death. The user concerned may modify or revoke these instructions at any time. The beneficiaries of the user may ensure that these directives are respected. 

Complaints: If a user considers that the processing of his or her personal data constitutes a breach of the applicable regulations, he or she is invited to first contact the SRFC in order to resolve any problems that may arise, before lodging a complaint with the CNIL :

Commission Nationale de l'Informatique et des Libertés 
3 place de Fontenoy 
TSA 80715 
75334 Paris Cedex 07

The SRFC undertakes to respond to any request relating to users' rights within a reasonable period of time, which may not exceed 1 month from receipt of the request.

The SRFC will notify the user concerned of the rectification or deletion of his/her personal data, or the restriction of processing concerning him/her, unless such notification proves impossible or requires disproportionate efforts. 

The SRFC may also object to requests that are manifestly abusive (due to their number, repetitive or systematic nature).


Article 7. Transfer of personal data outside the EU

SRFC uses partners or service providers to whom it needs to transfer all or part of the data it collects and processes. The servers of some of these parties are located outside the European Union, and your data may therefore be transferred outside the European Union. 

In this case, the SRFC takes the necessary measures vis-à-vis its partners or service providers to guarantee a level of protection for your data that is adequate to the present confidentiality policy and complies with the regulations in force.

If the service providers concerned are not located in a country whose legislation is considered to offer adequate protection, SRFC undertakes to provide appropriate guarantees to protect users' personal data, in accordance with Article 46 of the GDPR, in particular by using contractual clauses approved by the European Commission. 


Article 8. Cookie management policy

The SRFC also collects personal data through tracking technologies such as cookies. A cookie is a small text file containing information, which is stored on the user's equipment (computer, tablet or mobile phone) and which makes it possible to offer a better experience. The cookies used by the SRFC make it possible to measure the use of the sites, to offer a personalised shopping experience and to display personalised advertising from the SRFC and its partners.

The following types of cookies are used by the SRFC:

  • Necessary" cookies facilitate browsing on SRFC platforms by delivering all their functionalities. They are generally placed in response to actions carried out by users and which correspond to a request for services. These cookies are essential to the proper functioning of the Sites and do not store any personal data.
  • Statistical" cookies help to improve the Sites by collecting and reporting information on user behaviour.
  • Personalisation cookies are used to improve the experience of each user by personalising the content offered when visiting the Sites.
  • Third-party cookies enable third parties to see which pages a user has visited on the Sites in question and to collect information about the user, particularly for advertising purposes.

 

Article 9. Updating of the privacy policy

SRFC reserves the right to update its privacy policy, in particular in order to comply with any legislative, regulatory, case law or technological developments. In such a case, the date of the update will be clearly identified herein. 

These changes are binding on the user as soon as they are posted online. Users should therefore consult this Privacy Policy and the Site's Cookie Management Policy regularly to take note of any changes.

 

Translated for information purposes only. Only French version of the privacy policy is binding

Join us
Legal notice Privacy policy Cookies management