1. Data Controller
2. Personal data
“Personal data” means any information that may identify the User directly (e.g., his/her name) or indirectly (e.g., through anonymised data such as an unique identifier). This means that personal data includes information such as postal/email addresses, mobile phone numbers, usernames, profile photos, personal preferences and buying habits, User-generated contents, financial data, among others. Personal data may also include unique numerical identifiers such as the IP address of the computer, as well as cookies. In this way, the Companies are led to collect declaration data and behavioural data.
The data transmitted by the User and/or Subscribers is necessary in particular when creating an account, subscribing to a subscription, taking part in a game/contest/competition, drawing up statistics on the use of Digital Media, or to meet the legal obligations incumbent on Companies. Some of the data is transmitted voluntarily by the User of the Digital Media. The optional or obligatory nature of the data is indicated (by means of an asterisk) to the User at the time of their collection. These include, but are not limited to, family name, first name, nickname, email address, access codes, address and postal code, bank details, complaints, age, gender, Posted Contributions, etc.
Within the framework of the processing of personal data, Tennis Majors shares this data with the affiliated companies of the Reworld
Media and Hôtel Victoria groups, independent data controllers (hereinafter referred to as “Affiliated Companies or Companies”).
The Companies collect and process data concerning the User from its commercial partners, in particular on the Use of the Services offered from the Digital Media.
Other data is collected and processed automatically as a result of the User’s use of the Digital Media. These include the IP address, browser characteristics, the software used by the User’s terminal, browsing and logging-in data. We also carry out web analytics measurements, by which we measure the number of pages viewed, activity and the frequency of feedbacks on Digital Media. For this purpose, the Companies have set up automatic tracking tools on Digital Media, that are called cookies. These are small information files that Digital Media can send to the hard drive of a personal computer and then trace them back.
Minors’ personal data
Tennis Major’s services are not intended for minors. It is up to parents and any person exercising parental authority to decide whether their under-age child is authorised to use the Digital Media.
3. Use of data
These data, collected within the framework of the use of Digital Media, if necessary cross-referenced with those of selected partners, are processed for the following purposes:
access to the Services available on Digital Media,
customization of services and improvement of the user experience, canvassing actions,
advertising targeting and profiling,
security of Digital Media.
4. Data Recipients
The data collected may be transferred to our Affiliated Companies in order to comply with their legal obligations, to prevent fraud and/or to secure their tools, to improve their products and services.
The data may also be shared with the Companies’ advertising department with regard to advertising cookies and/or be passed on to subcontracting companies. All subcontractors and service providers are required to sign a contract and an GDPR amendment, which contractually undertake to comply with the purposes defined by the Data Controller.
These subcontractors may be:
Third party companies providing digital and e-commerce services such as customer relationship management (CRM), web analytics, search engine management and user-generated content creation tools;
Advertising agencies, marketing agencies, social and digital network agencies in order to help the affiliated Companies to carry out advertising, marketing and commercial campaigns, to analyse the effectiveness of the latter and to manage Users’ contacts and questions;
Third parties required by the affiliated Companies to provide and deliver a product or service, e.g. for postal/carrier services;
IT service providers, such as platform managers, hosting services, maintenance and technical support for databases as well as for software and applications that may contain personal data;
Survey institutes, market research institutes.
Even if the sets of data have been collected by the affiliated Companies, they are excluded from any liability when the third party companies act as Data Processors and, in particular, when the purpose of the processing differs from that for which the data were collected by the affiliated Companies.
The Companies may also communicate the collected personal data to their partners:
If the service to which the User subscribes was created by the Companies in collaboration with a partner (e.g. a co-branded application). In this case, the Companies and the applicable partner each process the User’s personal data for their own purposes. Therefore, the data is processed:
by the Companies in accordance with this personal data protection policy;
by the partner also acting as data controller under its own terms and conditions and in accordance with its own personal data protection policy.
If the User accepts, at the time of registration or subscription, to receive offers or canvassing documents from a partner of the Companies by means of a dedicated registration/opt-in procedure, his/her data will be processed by the partner acting as data controller under its own conditions and in accordance with its personal data protection policy. As each Partner Company is an independent Data Controller, the affiliated Companies waive all liability for the use of personal data by each of the partners.
The Companies guarantee that they have taken all necessary measures to preserve the security of Users’ personal data. In the same way, they limit access to personal data to only those employees whose duties require the consultation of such data.
6. Retention period
The data is retained as long as the User remains an “active” customer and is deleted after three years of inactivity on the customer account. At the end of this period of time, some of the data is
saved in interim records with restricted access and duration defined according to legal requirements, depending on the nature of the document (accounting, legal, tax documents). Once these deadlines have passed, they are definitively removed from any support.
7. Data transfer outside the European Union
The user is informed that personal data relating to him/her may be transferred within and outside the EU territory for the processing and purposes as indicated above.
When the transfer is made to a country with a level of adequacy different from that of the EU, the Data Controller implements the measures recommended by the CNIL on the subject, namely: standard contractual clauses and BCR (Binding Corporate Rules).