Date of last update: 03/2024
This policy applies to the processing of Data that we carry out on your Personal Data via the ASC application and the www.pro.asctrainer.com website and its sub-domains (hereinafter and together the “Platform”). This document describes how your Personal Data is processed by ASC in accordance with current data protection regulations). This document describes how your Personal Data is processed by ASC in accordance with current data protection regulations.
1 - DEFINITIONS
“Personal Data” or “Data” means any information that directly or indirectly identifies a natural person (e.g. surname, first name, telephone number, date of birth, address, etc.).
“Data controller” means the natural or legal person who, alone or jointly with others, determines the purposes and means of processing.
In this document, it is the entity designated in article 2.
“Data Subject” means any natural person whose Personal Data is collected and processed through the Platform.
The expressions defined above have the same meaning, whether they are used in the plural or in the singular.
2 - CONTACT DETAILS OF THE DATA CONTROLLER
In this Privacy Policy, the terms “we”, “us”, “our” or “CSA” are used to refer to:
ASC Trainer, SAS with registered office at 37 avenue Trudaine, 75009 Paris.
RCS n°985 028 760.
ASC acts as Data Controller for the processing of your Data.
You can contact ASC if you have any questions about data protection at the following e-mail address: privacy@asctrainer.com
3 - HOW IS YOUR DATA USED?
When you use the functionalities of our Site, we process your Data under the following conditions and for the following purposes:
Why does ASC use your data? | What categories of data are collected? | What is the legal basis for processing? | How long is this data stored? |
---|---|---|---|
Create your account on the Platform | Identity data, Coach contact details, Country of practice, Login details, Professional identification documents and proof of qualifications, Bank details, Links to social network accounts, Proposed activities, Proposed services, Partnerships and promotions, Area of intervention, Music playlists, Exchanges with ASC experts, Profile photo. | Pre-contractual measures | As long as you have an Account + 5 years from the closure of your Account (legal statute of limitations) |
Check documents submitted to obtain the Certified Coach badge | Professional and supporting documents, Date of submission, Content of exchanges, Coach contact details | Pre-contractual measures |
For Coaches whose profile is validated : Until account deletion For Coaches whose profile has not been validated : Up to 1 month after the decision to refuse the Coach’s registration |
Publish your product and service offers on the Platform | Account Identifiers, Account Information, Product or Service Information, Links to Social Network Accounts, Proposed Activities, Proposed Services, Partnerships and Promotions, Area of Operation. | Contract performance | Up to 5 years from the deletion of the product or service file concerned. |
Provision of services connecting Coaches with Users | Account identifiers, Account information, Profile information, Transaction and payment information, Subscription status, Exchange history | Contract performance | As long as you have an Account + 5 years from the closure of your Account (legal statute of limitations) |
Customer relationship management (information, notifications, promotional offers, etc.) | Account identifiers, transaction and payment history, customer service communications, account preferences. | Contract performance | As long as you have an Account + 5 years from the closure of your Account (legal statute of limitations). |
Comply with our financial management and accounting obligations | Invoices, transaction history, account identifiers, coach details, user details, exchanges, tax documents | Legal obligation | 10 years from the end of the fiscal year of the transaction concerned |
Offer a messaging service between Users and Coaches. | Account identifiers, message content, message date and time, message status | Legitimate interest |
As long as you have an Account + 5 years from the date of closure of your Account (legal statute of limitations). If you delete a message from a conversation, it will be permanently deleted after 6 months. |
Manage reviews | Account identifiers, review content, rating, member name, date and time of review. | Legitimate interest |
As long as you have an Account. After that, the reviews are anonymized. |
Invoicing on behalf of Coaches | Account identifiers, transaction history, user and coach contact details, invoices generated | Contract performance | 10 years from the end of the fiscal year of the transaction concerned |
Payment and tracking of Platform subscriptions and management of financial flows | Account identifiers, Transaction history, Bank details and payment methods, Transaction information, Subscription status | Contract performance | As long as you have an Account + 5 years from the closure of your Account (legal statute of limitations) |
Managing complaints | Account identifiers, Account information, Platform usage information, Complaint correspondence | Legitimate interest | Up to 5 years from date of claim closure |
Management of disputes with Users / Coaches | Contact details, Account history, Account identifiers, Account information, Platform usage information, Correspondence, Supporting documents | Legitimate interest | 5 years from the closure of your Account (legal statute of limitations) or until the expiry date of legal remedies in the event of the opening of legal proceedings. |
Retention of credit cards for future payments | Bank details, Card expiry date | Legitimate interest | Until your account is deleted |
Commercial prospecting | Communication preferences, purchase history, browsing data, interaction with marketing e-mails | Legitimate interest | Up to 3 years from last active contact |
Customer support | Account identifiers, Account information, Platform usage information, Transaction and payment information, Content of support request tickets, exchanges and attachments, Contact details | Contract performance | Up to 5 years after the closing date of your support request |
Respond to all contact requests | Contact details, account identifiers, correspondence history, request status | Legitimate interest | Up to 5 years after the closing date of your request |
Ensure platform security | Account identifiers, IP address, Browsing data, Transaction history, Activity logs, Device information | Legitimate interest | Up to 1 year after the last activity on the account, or until closure of the investigation if an investigation is required. |
Manage the Platform (troubleshooting, bug resolution, etc.) | Account identifiers, Account data, Platform usage data, Contact information | Legitimate interest | Up to 5 years after incident closure date |
To compile statistics on the use of services for the purpose of improving services | Number of users, Number of Coaches, Number of offers published, Account data, Platform usage data, Transaction and payment information, Traffic data (cookies) | Legitimate interest |
Raw data used for statistical purposes are kept for a maximum of 10 years. Aggregated and anonymous data is stored indefinitely. |
Managing disputes between Users and Coaches | Account identifiers, transaction information, dispute correspondence | Contract performance | Up to 5 years from date of dispute closure |
Manage referral program | Account identification, guest member profile data, guest member registration information, monetary benefit amount, referral code | Contract execution | Until your account is deleted |
Management of responses to requests to exercise the rights of data subjects | Identity of data subject, nature of request, supporting documents | Legal obligation | Up to 5 years after the date of closure of the request |
To meet our legal obligations (tax, legal requests, etc.) | Account identification, account data, Platform usage data, User data, Coach data | Legal obligations | In accordance with current legal requirements |
To sell or reorganize part of our business or assets |
|
Legitimate interest | In accordance with applicable legal requirements |
The compulsory or optional nature of the Data requested from you, as well as the consequences of failing to reply, are specified at the time the Data is collected, notably by the presence or absence of an asterisk.
4 - RECIPIENT OF YOUR DATA
Your Personal Data may be transmitted to third parties by ASC in the following situations:
- Transfers to our partners and service providers, for example to manage the Platform’s payment and financial flow management services or to enable you to benefit from the insurance taken out with our partner;
- Transfers to Users: For the purposes of the Platform, Users may access your Data (for example via your profile or via the messaging system).
- Transfer to other Coaches: For the purposes of the Platform, other Coaches may have access to your Data (e.g. if you organize a course session with several Coaches).
- Transfers to Platform partners: for security reasons, we may communicate some of your
Personal Data to Platform partners where services are provided. - To regulatory authorities, supervisory authorities, law enforcement or fraud prevention authorities, as well as to our advisors (including attorneys or auditors), the courts, any other authorized body for the purposes of preventing or detecting illegal activity, protecting the safety of any person or enforcing our rights,
- In the event of a merger, acquisition of our business or assets or other similar event, to a potential buyer or other purchaser of our business or assets with whom we have a contractual relationship.
5 - INDEPENDENT DATA CONTROLLER
When you use the Platform, you are also acting as an independent data controller within the meaning of the General Data Protection Regulation (GDPR), in particular for the following purposes:
- Sports services
- Product delivery
- Management of legal warranties associated with the sale of Products
- Management of complaints sent by Users to Coaches
- Manage their own legal obligations (tax, accounting, etc.)
As data controllers, the Coaches undertake to comply with all their legal obligations under the GDPR and any other applicable data protection legislation.
In particular, the Coaches undertake to implement appropriate technical and organizational measures to ensure the security of Personal Data and to inform Users about the processing of personal data that they implement.
ASC shall in no event be liable for any actions or omissions of the Coaches in their capacity as independent data processors.
The Coaches agree to indemnify and hold ASC harmless from any and all claims, losses, damages, or administrative sanctions resulting from the Coaches’ failure to comply with their obligations as independent data processors.
6 - YOUR RIGHTS
In accordance with the French Data Protection Act of January 6, 1978, as amended, you have the following rights:
Obtain a copy of your Data – “right of access”
You have the right to request confirmation of the Data actually processed, to obtain a copy of that Data and information on how we process that Data.
Correct your Data – “right of rectification”
You have the right to ask us to rectify your Data if it is inaccurate or incomplete.
Deleting your Data – “right to erasure”
You may request the deletion of your Data for various reasons, for example if the processing is unlawful or if you withdraw your consent.
Restricting the use of your Data – “right to restrict processing”
You may ask us to restrict the processing of your Data for specific reasons, for example if you believe that the Data is inaccurate or if the Data is no longer necessary for our processing, but may be necessary for you in connection with legal proceedings.
Request that we stop processing your Data – “right to object”
You may object to the processing of your Data based on our legitimate interests, unless we demonstrate otherwise or if your Data is required for legal purposes.
Choose and change your mind – “right to withdraw your consent”
If you have previously given your consent, you have the right to withdraw it at any time.
Take away your Data – “right to portability”
Under certain conditions, you have the right to receive a copy of your Data in order to transfer it to another data controller.
Giving post-mortem instructions – “the right to give instructions on what to do with your Data after your death”
You can record instructions on how to handle your Data after your death.
Requesting human intervention – “the right not to be subject to automated decisions”
If an automated decision that has a legal effect or affects you is made about you, you have the right to request the intervention of a human person to review the decision, or in some cases, object to being subject to a fully automated decision.
You can obtain more information on the scope of these rights on the CNIL website by clicking here.
You can exercise these rights by sending a written request to the following address: ASC, 33 rue La Fayette, 75009 PARIS or by email: privacy@pro.asctrainer.com.
If necessary, we reserve the right to request proof of identity in order to respond to your request.
We will respond to any request received from you within one month of the date of the request.
If your request is not sufficiently precise or does not contain all the information required to respond to your request, ASC may ask you to provide additional information.
If you have a complaint about the way ASC processes your Data, you also have the right to contact the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.
7 - DATA SECURITY
We have implemented security measures in line with the security standards applicable to the processing of Personal Data in order to prevent any security breach and to prevent your Data from being accessed, altered, disclosed or destroyed in an unlawful manner.
Here are the main security measures we have implemented:
- Hosting and databases : ASC uses the services of Oxeva for data hosting and processing.
All data is hosted in France. - Secure HTTPS connection to highly secure servers.
Data storage and encryption by Stripe, our partner specialized in payment data security.
Stripe is PCI-DSS certified, and its security standards are regularly verified and approved by the likes of Carte Bleue, Visa and Mastercard.
8 - MODIFICATION OF THE PRIVACY POLICY
We reserve the right to modify this privacy policy.
In the event of a material change to your rights, we will take the necessary steps to inform you and will post the updated privacy policy on the Site.
9 – GOOGLE SERVICES API
The use of the ASC Trainer application and the transfer to any other application of information received from Google APIs will be in accordance with the Google API Services User Data Policyservices, including the limited use requirements.
10 - CONTACT US / DISPUTES
If you have any questions about this privacy policy, please contact us at privacy@asctrainer.com.