PRIVACY POLICY

1. Introduction
 

Euroculture en Pays Gentiane (tax number: FR51443624663, registered address: Creyssac, postal code: 15400, city: Menet, country: France), as the data controller (hereinafter referred to as the “Data Controller”), provides this Privacy Policy (hereinafter referred to as the “Policy”) to inform its users about the purposes and procedures of its data processing activities, and to ensure that such activities are transparent and easily understandable. The Data Controller conducts its data processing practices in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”).

 

We kindly ask all users to carefully read our Privacy Policy before using our services.

 

2. Data Controller Information
 

Organisation name: Euroculture en Pays Gentiane
Tax number: FR51443624663
Registered address: Creyssac
Postal code: 15400
City/Town: Menet
Country: France
Email: eurocultureenpaysgentiane@gmail.com / euroculture.leaders@gmail.com
Phone: 0620927649
Website: https://euro-culture.com/ / https://app.euro-culture.com/
Registering authority (Company Registry): RNA (Ministère de l’Intérieur)
Date of registration: 01/12/2001
Original language of this Privacy Policy (in case of interpretation disputes): English

 

3. Definitions
 

To facilitate the interpretation of this Policy, the most important terms are defined below in accordance with the relevant legislation:

Personal Data : 

Any information relating to a natural person (“data subject”) who is identified or identifiable, directly or indirectly. Such data may include, in particular, the person’s name, identification number, location data, or online identifier.

Data Subject :

The natural person whose personal data is processed by the Data Controller.
 

Data Controller : 

A natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
 

Data Processing : 

Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means. This includes, in particular, collection, recording, organization, structuring, storage, adaptation or alteration.
 

Data Processor :

A natural or legal person who processes personal data on behalf of the Data Controller.

Processing by Processor :

The entire set of processing activities carried out by the Data Processor on behalf of or under the instructions of the Data Controller.
 

Erasure :

The rendering of data irreversibly unrecognizable in such a way that its recovery is no longer possible.

Third Party :

A natural or legal person who is not the data subject, data controller, or data processor, nor a person who, under the direct authority of the controller or processor, is authorised to process personal data.

Consent of the Data Subject :

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Data Breach :

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Set :

The entirety of data processed in a specific register.

Enterprise :

A natural or legal person engaged in an economic activity, regardless of its legal form.

​

4. Legal Basis for Data Processing
 

This Policy applies to the Data Controller’s website (https://euro-culture.com/ / https://app.euro-culture.com/), its subpages (collectively, the “Website”), as well as any external interfaces and contact points outside the Website; it also governs data processing related to contracts concluded between the Data Controller and the Data Subject..

The processing of personal data voluntarily provided by the Data Subject via the Website or through external interfaces is based on the data subject’s consent pursuant to Article 6(1)(a) of the GDPR.

The processing of personal data in connection with contracts concluded between the Data Controller and the Data Subject is based on Article 6(1)(b) and (c) of the GDPR. Under Article 6(1)(b), the processing is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract. Under Article 6(1)(c), the processing is necessary for compliance with a legal obligation to which the Data Controller is subject..

In certain cases, the Data Controller may process personal data related to the Website, external interfaces, or contractual relationships with the Data Subject based on its legitimate interest, pursuant to Article 6(1)(f) of the GDPR.

 

5. Data Processing Based on the Data Subject’s Consent Outside of a Contractual Relationship
 

The Data Controller may process the personal data of natural persons who are not in a contractual relationship with the Data Controller but who use certain services available on the Website or voluntarily provide personal data via external platforms associated with the Data Controller.

Examples of the former include user registration or subscribing to a newsletter; examples of the latter include personal data voluntarily shared via email by an interested party.

​

5.1. Purpose of Data Processing
 

The purposes for which the Data Controller processes personal data, based on the data subject’s consent outside of a contractual relationship, are as follows:

​

Provision of Services :

The Data Controller uses the personal data of the Data Subject to provide its services. An example of this is the newsletter.
 

Analytical and Statistical Analysis :

For the purpose of improving and optimizing its services, the Data Controller may use personal data in an anonymized form.

Information :
To inform the Data Subject about all matters relating to the Data Controller and its services.

Communication :

Maintaining contact with the Data Subject through all interfaces linked to the Data Controller, including monthly newsletter distribution.

Possibility of Future Cooperation :

Processing personal data for the purpose of preparing and laying the foundation for potential future cooperation with the Data Subject.

​​

​​

5.2. Scope of Data Subjects
 

• Natural persons who register on the Data Controller’s Website or provide their personal data via any platform associated with the Data Controller (e.g. Instagram, Facebook).

• Data Subjects expressing interest in future cooperation.

• Individuals requesting information or making inquiries.

​

5.3. Scope of Processed Personal Data
 

Basic Identifying Information : 

Name, email address, date of birth, telephone number.

Content of Communication :

Content of messages sent by the Data Subject, including any attached documents, which may contain personal data or special categories of personal data.

Technical Data :

Data generated during electronic communication, such as timestamps, IP address, device-specific information, and metadata of shared documents.

​

5.4. Duration of Data Processing

​

Personal data provided during registration

 

Until the registration is terminated.

Data related to contact or inquiries

Until the purpose of the contact has been fulfilled, but no longer than 1 year from the date of data collection.

Technical data

For up to 2 years following the use of the Website.

 

5.5. Data Processors

The Data Controller may engage the following Data Processors in the course of its data processing activities:

data processor

registered address

explanation

Google Ireland Ltd

Gordon House Barrow Street Dublin 4, Ireland

Storage of processed data on Google Drive.

Microsoft Ireland Operations Limited

One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

Storage of processed data on Microsoft Office platforms.

MailerLite Limited

8 Mount Street Upper, Dublin 2, D02 PR89 Ireland

Storage of processed data via MailerLite services.

 

 

5.6. Persons Within the Data Controller’s Organisation Authorised to Access Data

Access to personal data is granted exclusively to those employees of the Data Controller whose duties include managing and responding to inquiries, and maintaining relevant databases (e.g. newsletter or registration databases).

 

5.7. Restriction on Data Transfers

The Data Controller does not transfer the Data Subject’s personal data to third parties, except where required by law or if the Data Subject has given prior consent.

 

6. Data Processing Related to the Conclusion and Performance of Contracts

In the course of concluding and performing contracts, the Data Controller may process personal data related to the Data Subject or other individuals involved in the contractual relationship, for the purpose of preparing, concluding, and fulfilling contractual cooperation or service provision.

 

6.1. Adatkezelés célja

purpose

definition

Provision of Services

The Data Controller uses the personal data of the Data Subject to ensure the provision of its services.

Establishment and Execution of Cooperation

The Data Controller uses the personal data of the Data Subject to establish and perform contractual cooperation. An example would be a development agreement.

Communication

Maintaining contact with the Data Subject across all platforms associated with the Data Controller for the purpose of contractual performance.

Compliance with Legal Obligations

The Data Controller processes personal data to fulfil its legal obligations. This includes, in particular, obligations under tax and accounting legislation.

Invoicing and Accounting

Issuing invoices for services provided, recording financial transactions, and maintaining accounting records in accordance with applicable laws.

Enforcement of Rights and Obligations

Exercising rights and fulfilling obligations arising from contracts, as well as enforcing or defending legal claims.

 

6.2. Scope of Data Subjects

• Natural persons who use services on the Data Controller’s Website that involve the conclusion of a contract.

• Natural persons applying for contractual cooperation, or representatives and contact persons of legal entities who qualify as natural persons.

• Partners (such as contractors or service providers) and their representatives or contact persons.
   

 

 

6.3. Scope of Processed Personal Data

data subject

processed personal data

Natural Person

Name, birth name, place and date of birth, mother’s name, nationality, permanent or temporary address, identification document number, address card number, bank account number, phone number, email address, mailing address, documents related to the case, special categories of personal data (if necessary).

Representatives of Legal Entities

Name, position, phone number, email address, permanent or temporary address, identification document number, mailing address.

 

personal data processed in connection with taxation and accounting

Identification Data

Name, address, tax identification number, tax number

Billing Data

Invoice number, amount, date of performance, method of payment

 

6.4. Duration of Data Processing

type of processing

retention period

Data related to service provision by the Data Controller

2 years from the date of contractual performance by both parties.

Data related to the establishment and execution of cooperation

5 years from the date of full contractual performance of the cooperation.

Accounting records and invoices

At least 8 years, in accordance with the applicable accounting legislation, for records that directly or indirectly support bookkeeping.

Jogvita esetén

5 years from the conclusion of proceedings closed by a final and binding decision.

 

6.5. Data Processors

The Data Controller may engage the following Data Processors in the course of data processing and may transfer data to them:

data processor

registered address

explanation

Google Ireland Ltd

Gordon House Barrow Street Dublin 4, Ireland

Storage of processed data on Google Drive.

Microsoft Ireland Operations Limited

One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

Storage of processed data on Microsoft Office platforms.

 

6.6. Persons Within the Data Controller’s Organisation Authorised to Access Data

Access is granted to the Data Controller’s executive director and to those employees whose responsibilities include managing contracts, assisting in their conclusion, maintaining the contract database, and performing accounting duties.

 

6.7. Data Transfers

• Legal obligation: The Data Controller is required to disclose personal data to public authorities or courts in accordance with applicable legal obligations.

• Legal enforcement: The Data Controller may transfer data to courts or dispute resolution bodies in order to enforce its legal rights.

• Postal and courier services: Name and address data may be transferred for the purpose of delivering shipments.

• Payment transactions: Data necessary for the execution of payments may be transferred to a third party managing the payment, with the data subject’s consent.

• With the data subject’s explicit consent.

 

7. Rights of Data Subjects and Their Enforcement

This section outlines the rights you, as a Data Subject, have regarding the processing of your personal data, and how you can exercise these rights.

 

7.1. Right to Prior Information

The Data Subject has the right to receive information about the facts and circumstances of data processing prior to the commencement of such processing.

 

7.2. Right of Access

The Data Subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed, and, where that is the case, to access the personal data and relevant information regarding the processing.

 

related information

Purposes of the data processing

Categories of personal data concerned

The recipients or categories of recipients to whom the personal data have been or will be disclosed

The envisaged period for which the personal data will be stored

The existence of the data subject’s right to request from the data controller rectification or erasure of personal data, or restriction of processing concerning the data subject, and to object to such processing

The right to lodge a complaint with a supervisory authority

Where the personal data are not collected from the data subject: any available information as to their source

 

7.3. Right to Rectification

If the personal data we process concerning the Data Subject is inaccurate or incomplete, the Data Subject has the right to request its rectification or supplementation.

 

7.4. Right to Erasure (“Right to be Forgotten”)

The Data Subject has the right to request that the Data Controller erase their personal data without undue delay in the following cases:

• The data is no longer necessary for the purposes for which it was collected or otherwise processed.

• The Data Subject withdraws the consent on which the processing is based and there is no other legal ground for the processing.

• The Data Subject objects to the processing, and there are no overriding legitimate grounds for the processing.

• The personal data has been unlawfully processed.
   

Certain data cannot be erased if the Data Controller is required to retain them due to legal obligations (such as those related to accounting or taxation).

 

7.5. Right to Restriction of Processing

The Data Subject has the right to request restriction of processing of their personal data if any of the following conditions apply:

• The Data Subject contests the accuracy of the personal data, for a period enabling the Data Controller to verify the accuracy of the data.

• The processing is unlawful, and the Data Subject opposes the erasure of the data and requests the restriction of its use instead.

• The Data Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims.

• The Data Subject has objected to processing, pending verification of whether the legitimate grounds of the Data Controller override those of the Data Subject.

 

7.6. Right to Data Portability

The Data Subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller without hindrance from the Data Controller.

Where technically feasible, the Data Subject has the right to request the direct transmission of personal data from one controller to another.

 

 

7.7. Right to Object

The Data Subject has the right to object at any time to the processing of personal data based on legitimate interests. In such a case, the Data Controller shall no longer process the data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject.

 

7.8. Right to Withdraw Consent

Where the processing is based on the Data Subject’s consent [Article 6(1)(a) GDPR], the Data Subject has the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

7.9. Right to Legal Remedies

Under applicable law, the Data Subject has the following remedies:

Filing a complaint with a supervisory authority:

If the Data Subject believes that the processing of their personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection authority.
Contact details:

• Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France

• Website: www.cnil.fr

• Email (contact form): https://www.cnil.fr/fr/plaintes

• Phone: +33 (0)1 53 73 22 22
   

Judicial remedy:

The Data Subject has the right to seek judicial remedy if their rights have been violated. Legal proceedings may be initiated before the court competent for the Data Subject’s place of residence or habitual residence.

 

7.10. Exercising Data Subject Rights

To exercise their rights, the Data Subject may contact the Data Controller using the following contact details:

• Email: eurocultureenpaysgentiane@gmail.com / euroculture.leaders@gmail.com

• Postal address: 29 Rue des Écoles (Postes), Menet 15400, France
   

In the request, please clearly specify the right you wish to exercise and provide your contact information to facilitate response.

 

8. Data Recipients and Categories of Recipients

The Data Controller pays particular attention to ensuring that the personal data of the Data Subject is only shared with third parties when legally justified, for a specific purpose, and to the extent necessary.

The following section details which third parties may qualify as recipients, what categories they belong to, and under what conditions the data may be transferred.

 

8.1. Use of Data Processors

Below are all data processors acting on behalf of and under the instructions of the Data Controller, for the purposes and methods previously described.

data processor

registered address

Google Ireland Ltd

Gordon House Barrow Street Dublin 4, Ireland

Microsoft Ireland Operations Limited

One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

MailerLite Limited

8 Mount Street Upper, Dublin 2, D02 PR89 Ireland

 

The data processors may use personal data solely in accordance with the instructions of the Data Controller and for the purposes defined by the Data Controller.

They are obligated to implement appropriate technical and organisational measures to ensure the security of the data.

The Data Controller only cooperates with data processors who guarantee compliance with the provisions of the GDPR.

The Data Controller always exercises the utmost care and diligence when selecting its data processors; however, it does not assume liability for any legal violations committed by the data processors.

 

8.2. Data Transfers Based on Legal Obligation

The Data Controller may be required by law to disclose personal data to the following authorities:

recipient

purpose of data transfer

Tax Authorities

Data may be transferred, for example to the Direction générale des Finances publiques (DGFiP), in order to comply with tax-related legal obligations.

Bíróságok és hatóságok

Data may be transferred to courts and relevant public authorities for the purpose of participating in legal proceedings.

 

Data transfers may only occur in cases defined by the applicable laws and in accordance with the procedural rules specified therein.

The Data Controller shall always ensure the lawfulness of such transfers.

The Data Subject shall be informed of the data transfer, unless such notification is excluded by law.

 

8.3. Data Transfers Based on the Data Subject’s Consent or Request

Within the scope of cooperation with the Data Subject, the Data Controller may transfer personal data to third parties at the request of or with the consent of the Data Subject, for the purpose of enabling or facilitating such cooperation.

 

Conditions:

• The transfer shall take place only with the Data Subject’s explicit consent or request.

• The Data Controller shall inform the Data Subject in the context of their request about the purpose and recipient of the data transfer.

• The Data Controller ensures the security and confidentiality of the personal data during the transfer.

 

8.4. Data Transfers to Postal or Courier Services

When using postal services (e.g. Magyar Posta) or courier companies (e.g. DHL, GLS), the Data Controller shall provide the necessary personal data (e.g. name, address) to the service providers for the purpose of delivering shipments.

 

9. Data Protection Measures

The Data Controller is committed to protecting the personal data provided by the Data Subjects and takes all necessary measures to ensure that personal data is protected and processed securely.

This section of the Privacy Policy outlines the technical and organisational measures implemented to guarantee the security of personal data.

 

9.1. Technical Measures

measure

description

Secure Data Storage

Personal data is stored by the Data Controller on secure servers protected by passwords and firewalls.

Access Restriction

Access to personal data is regulated according to levels of authorisation. Only those employees of the Data Controller who require access for the purpose of data processing are granted permission.

Antivirus Protection and Firewall

Our systems are protected against external threats with up-to-date antivirus software and firewalls.

Regular Backups

Backups of personal data are performed at regular intervals, allowing for data recovery and preservation.

Regulation of External Storage Devices

The use of external storage devices (e.g. USB drives, external hard disks) is regulated to prevent unauthorised copying of data.

 

9.2. Organisational Measures

measure

description

Development of Data Management Policies

Internal policies define the procedures for data processing, data security requirements, and the protocol for handling data protection incidents.

Staff Training

Our staff regularly receive training and information sessions on the importance of data protection and data security.

Confidentiality Obligation

All employees, contractors, and partners with access to personal data are required to sign a confidentiality agreement and must treat all personal data as strictly confidential.

Incident Response Procedure

We maintain a defined protocol for identifying, reporting, and managing data protection incidents, including notification of the data subjects and the competent supervisory authority where applicable.

 

10. Data Generated Through Use of the Website, Cookies, and Promotion

To improve its services and enhance the user experience, the Data Controller collects certain data from the Data Subject regarding their technical environment and usage habits.

 

10.1. Purpose of Data Processing

purpose

description

Proper Functioning of the Website

The Data Controller collects certain technical data from the Data Subject’s device to ensure the proper functioning of the Website.

Enhancing User Experience

Based on identifiable user preferences, the Data Controller aims to improve its services in alignment with user needs.

Statistical Analysis

The Data Controller collects technical and usage data to assess Website activity and determine user preferences.

Marketing Purposes

Data obtained from Website use may be used by the Data Controller for promotional purposes.

Technical Protection of IT Systems

The Data Controller may collect data from the Data Subject’s device to safeguard its IT infrastructure.

 

10.2. Scope of Processed Personal Data

data type

personal data processed

Technical Data

IP address, browser type, operating system, time of visit, pages visited.

Data Collected by Cookies

User habits, preferences.

 

10.3. Cookies

type

purpose

validity period

Session Cookies

Enable basic Website functionality and navigation.

Until the end of the session.

Functional Cookies

Save user preferences (e.g., language settings).

Up to one year.

Analytical Cookies

Generate statistics about Website traffic and user preferences.

Two years.

Third-Party Cookies

Cookies placed by external service providers (e.g., social media plugins).

Varies.

 

10.4. Legal Basis

• Data Subject’s Consent [Article 6(1)(a) GDPR]: Required for non-essential cookies.

• Legitimate Interest of the Data Controller [Article 6(1)(f) GDPR]: Applies to cookies strictly necessary for the functioning of the Website.

 

11. Modification of the Privacy Policy

The Data Controller reserves the right to amend this Privacy Policy in accordance with changes in legislation, its activities, or organisational structure.

The current version of the Privacy Policy will always be made available on the Data Controller’s Website.

 

 

This Privacy Policy shall enter into force on: 24 June 2025.

 

Euroculture en Pays Gentiane

Data Controller