A.S.O. = Data Controller
https://www.thealulatour.com/en
https://www.tour-of-oman.com/fr/
https://www.paris-nice.fr/fr/
https://www.paris-roubaix.fr/fr/
https://www.paris-roubaix-femmes.fr/fr/
https://www.la-fleche-wallonne.be/fr/
https://www.la-fleche-wallonne-femmes.be/fr/
https://www.liege-bastogne-liege.be/fr/
https://www.trobroleon.com/fr/
https://www.criterium-du-dauphine.fr/fr/
https://www.letour.fr/fr/
https://www.letourfemmes.fr/fr/
https://www.arctic-race-of-norway.com/fr/
https://www.paris-tours.fr/fr/
https://www.saitamacriterium.com/fr

A.S.O. = Data Controller
https://www.hokasemideparis.fr/fr/
https://www.schneiderelectricparismarathon.com/fr/
https://www.parisroubaixchallenge.com/fr/
https://www.adidas10kparis.fr/fr
https://www.garmintriathlondeparis.fr/fr
https://www.letapedutourdefrance.com/fr
https://www.runinlyon.com/fr
https://www.rocazur.com/fr

 In this Document, words or expressions beginning with a capital letter refer to the terms defined in the General Terms and Conditions of Use and, failing that, will have the meaning of Article 4 of Regulation (EU) 2016/679 (known as " GDPR "):

"Consent" means any free, specific, informed and unequivocal expression of the Data Subject's wishes by which he or she agrees, by a statement or by a clear affirmative action, to the processing of Personal Data concerning him or her.  

"Recipient" means the natural or legal person, public authority, agency or other body that receives communication of Personal Data, whether or not it is a third party. In this case, A.S.O. may send Your data to its Partners or share it with the Social Networks in which You follow A.S.O.

"Personal Data" means any information relating to an identified or identifiable natural person (hereinafter the "Identified Person"). An "identifiable natural person" is any natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;

"Independent Controller" means the legal person, public authority, department, or any other body that independently defines the means of Processing the Personal Data of the Data Controller, for specific purposes, limited to a specific context.

"Pixel": refers to a 1x1 pixel graphic that is loaded when the User opens a web page or email. The pixel makes it possible to trace all the activity of a User on the Web, regardless of the pages visited after the one where a pixel is located. We only use the Facebook, Apple and Google Pixel that allow You to log in to the Site using Your personal accounts on Facebook, Apple, or Google.

"Controller " means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing. In this case, A.S.O. may be considered, depending on the case, as the Data Controller.

"Social Networks" refers to sharing spaces on the Internet that allow the User of the Site to follow the various sporting events organized by A.S.O., to share photos and videos with their friends and fans who make up their "social network".

"Processor" means the natural or legal person who processes Personal Data on behalf of the Data Controller.

"Tag": refers to an element introduced in each of the pages whose audience We measure, to testify to their distribution. It is inserted into the source code of the page. The tags We use allow Us to verify the effectiveness of the pages offered and the functioning of the Site, in a completely anonymous way.

"Data Processing " means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available,  the reconciliation or interconnection, limitation, erasure or destruction.

"User" refers to any person browsing the Site.

"You" and "Your" refer to the User of the Site.

II.1 When You visit the Sites.

Given that Your visit to Our Corporate Sites does not require the creation of an account, the only Data We collect is through Your browsing on the Site:

• Information about Your device's browser and the operating system You are using.

• The hashed IP address of the device You are using.

• The web pages You view.

• The links on the Site that You click on while browsing the Site.

• More information is given on this subject, on retention periods, in Our Cookie Policy.

II.2. When You wish to have information about Our job offers and/or apply
By browsing the A. N/A., You can discover not only Our sporting worlds, Our Events, but if you are passionate about sports and want to work in a dynamic company, you may want to know if we are looking for employees, and if so, in which sectors, to apply.

From the moment You wish to create Your user profile to apply for one of Our job offers, You will be directed to Our https://carrieres.aso.fr/#page-search website.

When You apply for one of Our offers or send Us an unsolicited application, You share Your Data with the publisher of Our recruitment software, Teamtailor.

At A.S.O. We always ask You only for the Data We need to process Your requests.

II.3 When You follow the news of Our Events

1.    Data collected directly.
a)    When You subscribe to the Newsletters
When You wish to be informed of the ins and outs of Our Events, You must fill out a form. We collect Your Data directly from You. Mandatory Data is followed by an asterisk (*).
To this end, You are redirected to the website of Our subcontractor "Splio". By filling in the newsletter subscription form, You agree to send him/her:
-    Identification data: title, surname, first name, email, date of birth, country,
-    Personal life data: Your language preferences
We may also ask You for some optional  data  that You are free to provide to Us if You wish: home address, city.

2.    Data collected indirectly

Data collected indirectly is collected by third parties:
- Google: via the reCaptcha at the bottom of the newsletter subscription form.
- Social Networks, through the Pixels that they deposit on the Sites, and which allow You to follow the Events on the official pages of the said Events on the Social Networks.

a)    Login data: Google reCAPTCHA
In order to preserve the security of the newsletter registration form, to struggle with the misuse of the Event newsletter registration form by preventing bots (automatic software) and to protect Ourselves against spam, We use the Google reCAPTCHA service at the bottom of the newsletter. In compliance  with Art. 6 para. 1 p. 1 lit. f GDPR, it  Our legitimate interest about  the security of Our Website as well as for the optimal performance of Our online presence.

Google reCAPTCHA is a service of Google LLC: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (hereinafter referred to as " Google ").

Google reCAPTCHA uses a code embedded on the Website, called JavaScript, as part of verification methods to analyze Your use of the Site, such as cookies. The information automatically collected about Your use of this Site, including Your IP address, is usually transmitted to, and stored on a Google server in the United States.

Further information on Google's data protection policy can be found at www.google.com/policies/privacy .

b)    When You view Our videos embedded on Our Events Corporate Sites
You can choose to watch our videos about the current edition of Our Events or their previous editions by clicking on the video embedded on Our Website, or by visiting the Event channel on Dailymotion.
When You watch the video on Our Site, Dailymotion does not place a cookie on Your device. On the other hand, if You wish to follow the Event channel, You must log in to Your account and Dailymotion will place a cookie on Your device.
We have no control over the process used by Dailymotion to collect information relating to Your browsing associated with the personal data held by Dailymotion. We invite You to read Dailymotion's privacy and cookie policies to learn about their purposes, including advertising, for which they use the browsing information they may collect. Their respective policies should clarify Your rights, how You can exercise them, and how to give or withdraw Your consent.

The main purpose of A.S.O.'s corporate website is to present to you Our activities, events and to allow you to access Our job offers. Thus, when You browse the Site, You can access the third-party sites of Our Events, the A.S.O. "recruitment" site as well as the official pages of A.S.O.'s Social Networks and Our Events.

When You browse the Corporate Sites of Our Events, or subscribe to a newsletter to be informed of the ins and outs of the Event You are interested in, or when You follow Our Events through Social Networks, or when You share a video, You may, if You wish, authorize A.S.O. and/or Our partners to collect and process a certain amount of personal data.
Through the institutional sites of our Events, you can immerse yourself in the culture and history of the Event, the routes, the competitors, the official broadcasters, and you can travel to the different continents where our Events take place while also discovering a little of their History.

All our corporate sites are built according to a common concept. This allows Us to share Your Data with the same Recipients, who may act as:

-    Data Processors: these are our service providers with whom We share Your Data, in particular to host Our Institutional Sites;
-    Joint Data Controllers: when You like a video or photo of one of our Events on its Corporate Website, the social network for which You have liked it is the Joint Data Controller with A.S.O.
-    Independent Controller: when You go to a third-party site, whether it is a social network or a store offering You products related to the Event, A.S.O. no longer processes Your Data, it is the third-party site or the third-party social network that becomes Independent Controller and processes Your Data autonomously.

III.1 Our Subcontractors

1.    The host of Our Sites: Deloitte, Skale-5
Our Corporate Sites are hosted on the servers of SKALE-5, located in France: SKALE-5 33 Avenue des Champs Élysées, 75008 PARIS.
Skale-5 is part of Neoxia, which was acquired by Deloitte in 2023.

2.    Splio SAS
When You enter Your personal data and information to subscribe to the newsletter of Our Events, We share Your information with Splio SAS.
Splio SAS is a French company, located:
27, boulevard des Italiens
75002 PARIS – France

A.S.O. has signed a contract with Splio which has given Us all the guarantees in terms of security, concerning the data processing they carry out on Our behalf, including in particular:
-    Hosting data in a Cloud located in France.
-    Their data processors are in France or Ireland and are GDPR compliant.

III.2 Our Partners/Sponsors
We will ask for Your consent to be able to transfer Your data to Our Partners/Sponsors. This will allow them to provide You with commercial offers tailored to Your interests.
Given that Our Partners/Sponsors may  be common to several Events, and that they are numerous,  We will only ask for Your consent to send them Your Identification Data (name, surname, email). Your Data will be kept only until You withdraw Your consent, by clicking on the unsubscribe link at the bottom of the email You receive.
We and Our Partners/Sponsors respect Your privacy and will always respect Your Rights.

III.3 Social networks
A.S.O. cannot control the use of Your Data by Social Networks when You are redirected to their sites and therefore cannot be held responsible for any misuse by them. We strongly recommend You to carefully read the Privacy Policies or Statements of each of the Social Networks in order to be able to know how Your Data is used and how to exercise Your rights.
A.S.O. Allows you to follow the Events through the official pages of said Events in the Social Networks. This is why We have implemented different buttons, each corresponding to the Social Network concerned: Facebook, Instagram, X, Dailymotion, Tik Tok.

1.    Meta Inc.: Facebook and Instagram Buttons
Our Corporate Sites have implemented a Facebook and Instagram button to allow You to visit the Facebook and Instagram pages of the event, in which case, Meta Inc., parent company of Facebook and Instagram is considered as a Joint Data Controller. Indeed, Facebook and Instagram collect Your Data as soon as You open a site in which this Facebook and/or Instagram Pixel is positioned and tracks Your browsing in all the Sites.

 About Meta Inc.’s role  as a Joint Data Controller, You can find all the information required by Article 13(1) (a) and b) GDPR in Meta Inc.'s Data Policy available at:
https://fr-fr.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

Further information on how Meta Inc. processes Personal Data, including the legal basis on which Meta Inc. relies as well as the means available to data subjects to exercise their rights against Facebook and/or Instagram, can be found in Meta Inc.'s Data Use Policy available at:
https://fr-fr.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

However, once You are redirected to the Facebook or Instagram page of the event, Meta Inc. becomes an "Independent Controller" because Facebook and/or Instagram are the only ones to decide what data to collect, the purposes of the processing of Your data and You will have to contact Facebook and/or Instagram to exercise Your rights.

2.    X Button
Our Institutional Sites have implemented X to allow You to follow the event on X. In this case, X is considered to be a joint Data Controller. Indeed, X collects Your Data every time You click on the X button on Our Site.
About X role  as Joint Data Controller, You can find all the information required by Article 13(1) (a) and b) GDPR in X's data policy on: https://X.com/en/privacy .

Further information on how X processes personal data, including the legal basis on which X relies as well as the means available to data subjects to exercise their rights against X, can be found in X's Data Use Policy available at:  https://X.com/en/privacy .
However, once You are redirected to the X page of the event, X becomes an "Independent Controller" because X is the only one to decide which  data to collect, the purposes of the processing of Your data and You will have to contact X to exercise Your rights.

3.    Dailymotion Button
Our Institutional Sites have implemented Dailymotion to allow You to follow the event on Dailymotion's videos. In this case, Dailymotion is considered as a Joint Data Controller. Indeed, Dailymotion collects Your Data every time You click on the Dailymotion button on Our site.
About Dailymotion’s role  as Joint Data Controller, You can find all the information required by Article 13(1) (a) and b) GDPR in Dailymotion's data policy on: https://www.dailymotion.com/legal/privacy?localization=fr .
Further information on how Dailymotion processes personal data, including the legal basis on which Dailymotion relies as well as the means available to data subjects to exercise their rights against Dailymotion, can be found in Dailymotion's Data Use Policy available at:  https://www.dailymotion.com/legal/privacy?localization=fr.
However, once You are redirected to the Dailymotion page of the event, Dailymotion becomes an "Independent Controller" as Dailymotion is the only one to decide what data to collect, the purposes of the processing of Your data and You will have to contact Dailymotion to exercise Your rights.

4.    Tik Tok Button
Our Institutional Sites have implemented a Tik Tok button to allow You to follow the Event on videos shared on TikTok. In this case, TikTok Technology Limited (hereinafter "TikTok Ireland") is considered to be the joint controller. This is because TikTok Ireland collects Your Data every time You click on the TikTok button on Our site.
About Tik Tok Ireland’s role  as a Joint Data Controller, You can find all the information required by Article 13(1) (a) and b) GDPR in TikTok's data policy on: https://www.tiktok.com/legal/privacy-policy?lang=en.

Further information on how TikTok Ireland processes personal data, including the legal basis on which TikTok Ireland relies as well as the means available to data subjects to exercise their rights against TikTok Ireland, can be found in Tik Tok's Data Use Policy available at:  https://www.tiktok.com/legal/privacy-policy?lang=en
However, once You are redirected to the TikTok page of the Event, TikTok Ireland becomes an "Independent Controller" as TikTok Ireland is the only one to decide which data to collect, the purposes of the processing of Your data and You will need to contact TikTok Ireland to exercise Your rights.

III.4 Public authorities
In very limited cases regulated by law, A.S.O. may communicate Your data to a public authority requiring them from Us for the purposes of ensuring public security as well as Yours.

III.5 Third-Party Sites, shops of some of Our Sites
A.S.O. Allows you to benefit from offers on services and products sold by partner stores, whose Sites are not managed by A.S.O.

When You wish to purchase official products of Our Events, by clicking on the "Store" tab, You will be directed to the third-party’s Site of the corresponding partner store. Third-party store sites are not managed by A.S.O.

As soon as You enter the Site of the Shop, You leave the Official Sites of Our Events. The publishers of the third-party store sites become the Independent Controllers of Your Data. A.S.O. will not be able to act as an intermediary between the Third-Party Sites of the stores and You to settle any dispute whatsoever, or to exercise Your Rights.

We provide links to third-party stores for the following sites:

We invite You to read the privacy policies of the Third-Party Sites of the stores whose links You will find in the following table :

In compliance with the Applicable Regulations on the protection of personal data, We take all appropriate technical and organizational measures to guarantee the protection of Your Data; especially:

-     "Data protection by design and by default", with the implementation of technical security measures appropriate to the data processing carried out.

-    Auditing Our Processors (data protection and system and data security).

-    The contractual framework of our relationship with the Third Parties We work with: Data Processors, Sponsors, Partners, etc.

-    Signing Standard Contractual Clauses to secure the transfers of Your Data, etc.
We impose the same level of protection and security on the Data Processors We work with.

This Privacy Policy may be subject to change, which will be effective immediately upon the publication of the new version of the Privacy Policy on the https://www.aso.fr Site.

You will be informed of the publication of the new Policy on the home page of the Site or by email. We recommend You to check it regularly for any changes.

For any request relating to this Privacy Policy, We invite You to send a letter to A.S.O., DATA PROTECTION OFFICER, Bâtiment Quai Ouest, 40-42 Quai du Point du Jour, CS 90302, France or you can send an e-mail to the address : dpo@aso.fr