Politique de Confidentialité

Data Controller

AthleteX Series

[Legal Entity Placeholder — e.g. SAS au capital de X €, RCS Paris XXX XXX XXX]

[Registered Address Placeholder]

contact@athletex-series.com

Data Protection Officer: privacy@athletex-series.com

1. Introduction

AthleteX Series s'engage à protéger vos données personnelles. Cette politique explique comment nous collectons, utilisons et protégeons vos informations lorsque vous utilisez notre plateforme pour créer et acheter des cartes de collection personnalisées.

2. Data We Collect

We collect two types of data:

Information you provide: your name, email address, billing address, shipping address, and the photos you upload for card personalization.
Publicly accessible data: event performance data (such as rankings, times, or splits) retrieved from publicly available leaderboards to populate card statistics.
Payment data: card transactions are processed securely by Stripe. We do not store your full card number.
Technical data: IP address, browser type, and access logs collected automatically for security purposes.

Legal Bases for Processing

Your personal data is processed on the following legal bases:

Contract execution (Art. 6.1.b GDPR): processing necessary to fulfill your order — account creation, card production, shipping, digital delivery.
Legal obligation (Art. 6.1.c GDPR): retention of invoicing and accounting data as required by French tax law.
Legitimate interest (Art. 6.1.f GDPR): security monitoring, fraud prevention, and service improvement.

3. Use of Your Image

You retain ownership of any image you upload.

You grant AthleteX Series a limited license to use this image solely for:

generating the digital preview
producing the physical printed card
storing the digital version in your private user space

Your images are never sold or reused for marketing purposes.

Data Recipients & Sub-processors

To fulfill your orders, your data may be shared with the following categories of recipients:

Printing partner: receives card design data and shipping address for physical card production.
Shipping carrier: receives recipient name and delivery address for parcel delivery.
Payment processor (Stripe, Inc.): processes payment transactions securely. Stripe's privacy policy: https://stripe.com/privacy.
Hosting provider: stores application data on servers located within the European Union.

International Data Transfers

Your data is primarily processed and stored within the European Union. Payment processing via Stripe may involve data transfers to the United States, governed by Standard Contractual Clauses (SCCs) approved by the European Commission.

4. Data Retention

Order data is retained as required by applicable tax and accounting regulations.
Digital cards are stored to allow access from your account. You may request deletion at any time.
Upon account deletion, personal data is removed within 30 days, except data required by legal retention obligations.

Cookies

This site uses only essential cookies required for authentication, session management, and security. No advertising or analytics cookies are used. No consent banner is required for strictly necessary cookies under the ePrivacy Directive.

5. Your Rights (GDPR)

In accordance with European data protection regulations, you may request access, correction, or deletion of your personal data by contacting:

Right of access (Art. 15 GDPR): obtain a copy of your personal data.
Right to rectification (Art. 16 GDPR): correct inaccurate data.
Right to erasure (Art. 17 GDPR): request deletion of your data.
Right to data portability (Art. 20 GDPR): receive your data in a structured format.
Right to object (Art. 21 GDPR): object to processing based on legitimate interest.
Right to restriction (Art. 18 GDPR): request limitation of processing.
Right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), the French supervisory authority: www.cnil.fr.

Contact: privacy@athletex-series.com