Privacy Policy

 

 

This personal data protection policy (the “Policy”) sets out the commitments made by OFFPRINT, as data controller, to protect your personal data. Through this Policy, OFFPRINT aims to clearly explain how your personal data is collected and used when you visit our website www.offprint.org (the “Site”), as well as in connection with any relationship you may have with OFFPRINT.

OFFPRINT is committed to complying with the European General Data Protection Regulation (GDPR, Regulation No. 2016/679), as well as French Data Protection Act No. 78-17.

This Policy may be updated from time to time. If it is updated, we will indicate the date of the most recent update at the bottom of this Policy. Your consent will always be requested if an update to this privacy statement affects, in any way, the way your personal information may be used compared with the provisions of this Policy in effect at the time the information was collected.

 

Table of Contents 

  1. Scope
  2. Our data protection principles
  3. What data we process and how we collect it
  4. What are the legal bases for collecting your data?
  5. When is your personal data collected?
  6. How long do we keep your data?
  7. Who is responsible for collecting and processing the data?
  8. Who receives the data?
  9. How is the data secured?
  10. Use of cookies
  11. Transfers of data outside the European Union
  12. What are your rights and how can you exercise them?

 

1. SCOPE
  • Fonds de dotation LUMA Arles, 35 Avenue Victor Hugo, 13200 Arles, France
  • SAS LUMA Arles, 35 Avenue Victor Hugo, 13200 Arles, France

 

2. OUR DATA PROTECTION PRINCIPLES

In accordance with applicable regulations, OFFPRINT applies the following principles:

  • Lawfulness: we use personal data only if:
    • the individual has given their consent; OR
    • the processing is necessary for the performance of a contract to which the individual is a party; OR
    • the processing is necessary to comply with a legal obligation; OR
    • the processing is necessary to protect the individual’s vital interests; OR
    • we pursue a legitimate interest in using personal data, provided that such use does not override the individual’s freedoms and interests.
  • Fairness: we explain why the personal data we collect is useful and necessary.
  • Specific purposes and data minimization: OFFPRINT collects only the personal data that is genuinely necessary for the purpose for which it is processed. If the same result can be achieved using less personal data, OFFPRINT ensures that only that limited data is used.
  • Transparency: we inform the individuals concerned about how their data is used.
  • We make it easier for individuals to exercise their rights, including the right to access, rectify, and delete their data, and the right to object to data processing.
  • Retention periods: we keep personal data only for limited periods.
  • We ensure the security of personal data, including its integrity and confidentiality.
  • If a third party needs to use personal data, we make sure that the third party is able to protect that personal data.
  • If personal data must be transferred outside the European Union, we ensure that the transfer is governed by appropriate legal safeguards.
  • If personal data is compromised (lost, stolen, damaged, unavailable, etc.), we notify the competent data protection authorities and the affected individuals, where the breach is likely to result in a high risk to individuals’ rights and freedoms.

 

 

3. WHAT DATA DO WE PROCESS AND HOW DO WE COLLECT IT?

 

                  3.1. Your data

OFFPRINT makes sure that it collects only the data that is strictly necessary for the purpose for which it is processed. 

The term “data” refers to any personal information that can identify you as an individual and that you provide in the course of your interactions with us.

 

When your data is collected through an online form, mandatory fields are identified by an asterisk or another equivalent method.

Data not marked with an asterisk or equivalent indicator is optional. It helps the establishments within the Group get to know you better and improve our communications and services to you, but you are not required to provide it.

The collection of information about individuals under the age of 18 is limited, unless required because of a minor’s specific circumstances, to their last name, first name, nationality, and date of birth, and such information may only be provided to us by an adult. Please make sure that your children do not send us any personal data without your permission, including online. If such information is sent to us, you may contact the Data Protection Officer, as described in Section 12, “What are your rights and how can you exercise them?”, so that the information can be deleted.

3.2. How we collect data

Data you provide to us

We collect the socio-professional data about you that you may provide to us, such as your name, email address, home and business addresses, telephone number, nationality, and date of birth. You may provide this information when you purchase and/or use one of our products or services, during your visits, when you connect to the Wi-Fi service, or during your various interactions with our teams, including when you register on our Site, contact us, subscribe to our newsletters, participate in an online survey or promotional campaign, use our online help section, or use any feature of our Site.

In addition, for any booking, we, or our financial service providers, collect the personal data related to that booking because it is required to process your request. The information collected includes payment data, in particular your credit or debit card number.

Data we collect automatically

When you browse our website, we collect data related to the management of our commercial relationship with you, including your upcoming visit, the product and/or service purchased, correspondence and/or telephone exchanges with our teams, and similar information.

We also collect data related to the device you use when browsing our Site or, during your visit, when using the Wi-Fi connection, including your device’s unique identifier, IP address, operating system, browser, usage data, diagnostic and location data from or about your computers, and the type of device used to access our products and services.

Information from our partners

We collect information from trusted partners, provided that we have confirmation that they have legitimate grounds for sharing that information with us. This may include information you gave them directly or information they collected about you on other valid legal grounds.

 

4. WHEN IS YOUR PERSONAL DATA COLLECTED?


  • When products or services are sold
    • Private events and venue hire
    • Online store
  • When you participate in marketing programs or activities:
    • Taking part in satisfaction surveys;
    • Subscribing to newsletters
  • When job applications are processed
  • Through video surveillance

5. HOW LONG DO WE KEEP YOUR DATA?

We keep your personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by applicable law. In general, the retention period for your personal data depends on the type of data and the purposes for which we collect it. The retention period is determined:

  • Either by specific legal or regulatory provisions:
    • Legal and regulatory provisions
      • French Commercial Code
      • French Civil Code
      • French Labor Code
      • French Social Security Code
      • French Consumer Code
      • French Postal and Electronic Communications Code
    • CNIL guidelines and reference frameworks

 

  • Or by the data controller, based on operational needs, in proportion to the purpose of the processing and in compliance with individuals’ rights and freedoms.

Once these retention periods have expired, the data will be deleted or anonymized.

You have the right to request deletion of your personal data at any time, subject to our legal obligations to retain certain information.

However, after the applicable periods have expired, including following your deletion request, your personal data may be placed in intermediate archives in order to meet our legal, accounting, and tax obligations and/or any applicable limitation periods connected with our relationship.

 

6. WHO IS RESPONSIBLE FOR COLLECTING AND PROCESSING THE DATA?

 

Subscription to, access to, and/or use of certain services involves the processing of personal data.

The entities listed in Section 1 of this Policy are joint controllers of users’ personal data. SAS LUMA Arles, whose registered office is located at 35 Avenue Victor Hugo, 13200 Arles, France, and which is registered with the Tarascon Trade and Companies Register under number 812 901 700, has been appointed as the final recipient of requests from individuals. SAS LUMA Arles is therefore responsible for implementing and maintaining the systems used to receive requests from individuals.

LUMA Arles recognizes the trust you place in it when you provide personal information in order to use its services.

In this respect, OFFPRINT undertakes to comply with this Policy, which you accept when you subscribe to its products or use its services.

OFFPRINT has appointed a Data Protection Officer (DPO) responsible for helping ensure the protection of personal data. You may contact the Data Protection Officer at dpo@luma-arles.org      

OFFPRINT cannot be held responsible for the content of websites linked from these sites, their level of security, or their privacy practices.

 

7.  WHO RECEIVES PERSONAL DATA?

7.1 SERVICE PROVIDERS, VENDORS, AND PARTNERS

In connection with providing its services, OFFPRINT may disclose your data to, or give access to your data to, the following teams and service providers:

    • Our service provider responsible for managing the Site and analyzing Site traffic
    • Our service provider responsible for hosting the Site
    • Our Site analytics and remarketing solutions
    • With respect to your bank card data:
      1. Financial transactions related to payment for purchases and fees through the platform are handled by an external payment service provider, which is responsible for processing them properly and securely. This provider collects and retains, for the duration of your registration on the Platform and at least until your last transaction, on our behalf and for our account, the personal data related to your bank card numbers. We do not have access to this data.
      2. Data relating to the card verification code, or CVV2, printed on your bank card, is not stored.

 

The identity of our processors, as recipients of your data, will be provided to you upon request.

LUMA Arles recognizes the sensitive nature of your data and handles it with the utmost care. Only the data strictly necessary will be disclosed to third parties for processing.

In addition, OFFPRINT, as data controller, implements appropriate measures to secure the handling of your personal data by its processors. Whenever processing is carried out on its behalf, OFFPRINT uses only processors that provide sufficient guarantees that they have implemented appropriate technical and organizational measures so that the processing meets the requirements of the European regulation and protects the rights of the data subject and the security of their personal data.

 
7.2 INTERNAL RECIPIENTS WITHIN THE GROUP

We share your data with a limited number of authorized people and departments within OFFPRINT in order to provide you with the best possible experience. The following teams may access your data:

  • Communications Department;
  • IT Department;
  • Legal Department;
  • Accounting Department;
  • Human Resources Department;
  • Development Department;
  • Visitor Services Department;
  • Partnerships and Patronage Department;
  • Safety and Security Team
     
8. HOW IS THE DATA SECURED?

OFFPRINT protects your data by implementing enhanced data protection through physical and logical technical security measures designed to preserve the integrity of your data and ensure that it is processed confidentially and securely. More specifically, OFFPRINT systematically encrypts your personal data when it travels over networks in order to protect its confidentiality and prevent interception by unauthorized third parties. 

The OFFPRINT servers on which your data is stored are located in secure computer rooms with access restricted to authorized personnel only. Access is strictly controlled to prevent data theft. To ensure the confidentiality of your data within OFFPRINT’s systems, logical access is granted only to automated processes and employees who need to access the data in order to process it.

 

9. USE OF COOKIES 

We use various cookies on the Site and/or the Application to improve the interactivity of the Site and/or the Application and our services. 

What is a “cookie”?

When you visit our Site and/or Application, cookies are placed on your computer, mobile phone, or tablet. A cookie is a text file placed on your device when you visit a website or view an advertisement. Cookies are used in particular to collect information about your browsing on websites and to provide you with personalized services. To make our Site/Application as well suited as possible to its users, we use cookies, for example, to identify you and allow you to access your account, manage your shopping cart, remember the pages you have viewed, personalize the offers we present to you, and provide targeted advertising. Most cookies can be managed through the web browser you use. 

    1. List of cookies

Strictly necessary cookies

These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually set in response to actions you take that amount to a request for services, such as setting your privacy preferences, logging in, or completing forms. You can set your browser to block these cookies or alert you when they are present, but some parts of the website may not work properly. These cookies do not store any personally identifying information.

Analytics cookies

These cookies are used to obtain information about use of the Site and/or the Application. They are necessary for the proper functioning of the Site and the Application. In some cases, they may identify the user.

 

Third-party cookies

These are cookies placed by third-party companies, such as advertising networks or partners, in order to measure the audience of our Site/Application or identify your interests based on products viewed or purchased, and to personalize the advertising shown to you on or off our Site/Application. 

These features use third-party cookies placed directly by those services. When you first visit our Site/Application, a banner informs you of the presence of these cookies and asks you to indicate your choice. They are placed only if you accept them or if you continue browsing the Site/Application by visiting a second page of our Site/Application. 

You may obtain information about cookies and manage your preferences at any time, including accepting or refusing cookies, by visiting the Cookie Management page available at the bottom of each page of the Site/Application. You will be able to indicate your preference either globally for the

 

Accepting or refusing cookies

You may modify or withdraw your consent at any time through the cookie management tool on our website, under the “Cookie Management” tab.

 

  1. TRANSFERS OF DATA OUTSIDE THE EUROPEAN UNION

 

As a general rule, OFFPRINT keeps personal data within the European Union. 

However, because some of our service providers may, for example, be located in countries outside the European Union (“Third Countries”), OFFPRINT may transfer certain personal data to Third Countries. This may include Third Countries for which the European Commission has not issued an “adequacy” decision. In such cases, LUMA Arles ensures that the transfer is carried out in compliance with applicable regulations and provides a sufficient level of protection for the privacy and fundamental rights of the individuals concerned, in particular through the European Commission’s Standard Contractual Clauses.

Data flows to countries that do not provide a level of personal data protection equivalent to that required within the European Union are therefore governed by the Standard Contractual Clauses adopted by the European Commission.

 

  1. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

 

In accordance with European Regulation 2016/679 of April 27, 2016 on the protection of personal data, French Law No. 2018-493 of June 20, 2018 on the protection of personal data, and French Law No. 78-17 of January 6, 1978, known as the French Data Protection Act, you have:

  • A right of access: the right to obtain confirmation from OFFPRINT as to whether or not your data is being processed, and to receive a copy of the personal data about you that we hold.

 

  • A right to rectification: the right to correct inaccurate or outdated personal data about you that we hold.

 

  • A right to erasure, or “right to be forgotten”: the right to have personal data about you that we hold erased, except where the law requires us to retain the data or where we have a legitimate reason to do so.

 

  • A right to object: you may object at any time, on grounds relating to your particular situation, to the processing of your personal data for marketing purposes.

 

You may also object to processing based on OFFPRINT’s legitimate interest on grounds relating to your particular situation, unless there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or where the processing is necessary for the establishment, exercise, or defense of legal claims;

  • A right to restriction of processing: you have the right to restrict the processing of your personal data in the following cases:

 

  • If you exercise your right to rectification, restriction of processing may be requested for the period needed to verify the accuracy of the data;
  • If you exercise your right to object, restriction may apply during the period needed to verify whether OFFPRINT’s legitimate grounds override your own;
  • If your personal data has been unlawfully processed, you may request restriction of its use rather than deletion;
  • If the personal data would otherwise have to be erased but is still needed for the establishment, exercise, or defense of legal claims.

 

  • A right to data portability: you have the right to receive the personal data you provided to OFFPRINT where that data is processed by automated means and was collected on the basis of your prior consent or the performance of a contract entered into with OFFPRINT. The data must be provided in a structured, commonly used, machine-readable format. This right also includes the right to transmit that data to another data controller.

Finally, you have the right to define instructions regarding the handling of your personal data after your death.

These rights may be exercised under the conditions and within the limits set by applicable regulations. You may also be asked to provide supporting documentation to confirm your identity. Any incomplete request may not be processed by OFFPRINT.

To exercise these rights, you may contact our Data Protection Officer at any time, free of charge, by completing the following form: Form.

Please note that proof of identity may be required. If proof of identity is required and you do not provide it, we will not be able to process your request. In that case, the response period will be suspended until OFFPRINT receives the additional supporting documents requested.

If no satisfactory solution is found, or if the dispute remains unresolved, you may file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) or with the supervisory authority of the European Union Member State in which you usually reside.

 

 

Gérer mes consentements
Infos pratiques

4 → 26 juillet 2026
Tous les jours, de 15h00 à 20h00

LUMA Arles
35 avenue Victor Hugo, 
13200 Arles